[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: [ldapext] password policy response control question
Hi John,
The question of whether to send a response ("when
appropriate") has come up before and has not been resolved. I'd like to put a
stake in the ground and say that a response should always be sent if the control
is understood (that is, if the server supports the control).
Further, I'd like to suggest that, in the case
where there is no data to be sent, the value be
absent.
Ron
What response should the server send
if there are no password policy warnings or errors to report?
I've heard several answers proposed on my
team, along with arguments for and against:
1. Do not send a password policy response control.
2. Send a response control with no value.
3. Send a response control where
the value consists of an empty sequence.
The draft says that responses are sent "when appropriate", and there is a
general rule that protocols shouldn't be unnecessarily "chatty". Not
sending a response fits both those criteria, but some have argued that not
sending this control should be interpreted as meaning the server does not
support the control (perhaps the control is not supported with a particular
naming context) . Control values are optional for LDAP controls in
general. The draft doesn't say the response MUST be sent with a control
value; neither does it state any condition under which the server would send a
response control without a warning or error.
The converse of the question might be: What should
a client expect as normal responses?
John McMeeking
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext