[Date Prev][Date Next]
Re: (ITS#5785) dontUseCopy in slapd requires criticality to be TRUE
> The "dontUseCopy" control requires criticality to be TRUE. While this is the
> desirable value,
Why is this a desirable value? The answer Kurt gave on ldap-ext mailing
list just mentioned direct mapping to X.511 dontUseCopy option.
> a DUA could use the control with the criticality set to FALSE.
As I stated on ldap-ext mailing list in this case I'd simply accept a
best effort on the DSA side. So sending "dontUseCopy" control with
criticality FALSE would mean: If the DSA supports this control it should
*process* it according to what's specified in
draft-zeilenga-ldap-dontusecopy. Otherwise ignore it.
The main problem is that a DUA cannot determine in advance whether a DSA
supports a certain control for a certain backend. It turned out in
practice that looking a supportedControl in rootDSE does not have any
meaning at all.
IMO yet another control does not solve this.
> For full conformance with RFC4511, if the control is syntactically well-formed
> and criticality is set to FALSE, slapd MUST accept it if recognized, or MUST
> ignore it if not recognized, but CANNOT question the fact that the value of
> criticality is violating the control's specification.
I'm not sure whether this statement can be made generally. I'd wish so
and I'd rephrase "accept it" to "process it".