RE: [ldapext] password policy response control question

["Ramsay, Ron" <Ron.Ramsay@ca.com>]

Hi John,

 

The question of whether to send a response ("when appropriate") has come up before and has not been resolved. I'd like to put a stake in the ground and say that a response should always be sent if the control is understood (that is, if the server supports the control).

 

Further, I'd like to suggest that, in the case where there is no data to be sent, the value be absent.

 

Ron

---

From: John McMeeking [mailto:jmcmeek@us.ibm.com]
Sent: Monday, 8 May 2006 12:26 PM
To: ldapext@ietf.org
Subject: [ldapext] password policy response control question

What response should the server send 
if there are no password policy warnings or errors to report? 

I've heard several answers proposed on my 
team, along with arguments for and against: 

1.  Do not send a password policy response control. 
2.  Send a response control with no value. 
3.  Send a response control where 
the value consists of an empty sequence. 

The draft says that responses are sent "when appropriate", and there is a 
general rule that protocols shouldn't be unnecessarily "chatty".  Not 
sending a response fits both those criteria, but some have argued that not 
sending this control should be interpreted as meaning the server does not 
support the control (perhaps the control is not supported with a particular 
naming context) .  Control values are optional for LDAP controls in 
general.  The draft doesn't say the response MUST be sent with a control 
value; neither does it state any condition under which the server would send a 
response control without a warning or error. 

The converse of the question might be:  What should 
a client expect as normal responses? 


John  McMeeking
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext