idnits 2.17.1

draft-armijo-ldap-control-error-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The "Author's Address" (or "Authors' Addresses") section title is
     misspelled.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- Couldn't find a document date in the document -- date freshness check
     skipped.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: '3' is mentioned on line 117, but not defined

  ** Obsolete normative reference: RFC 2251 (ref. '1') (Obsoleted by RFC 4510,
     RFC 4511, RFC 4512, RFC 4513)

     Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                          Michael P. Armijo
                                                    Microsoft Corporation
September, 2001                                                Asaf Kashi
                                                    Microsoft Corporation

                     Result Code for LDAP Controls

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Distribution of this memo is unlimited.  It is filed as , and expires
   March, 2001.

   Please send comments to the author.

Abstract

   The purpose of this document is to create a new result code specific
   to LDAP controls and to define guidelines for the use of this result
   code.

1. Background and Intended Usage

   LDAPv3 [1] allows for the extension of the protocol through the use
   of controls.  These controls allow existing operations to be
   enhanced to provide additional functionality for directory
   operations.  Complex controls are being established that are
   bringing up error conditions not anticipated in the LDAPv3
   specifications.

Result Code for LDAP Controls                                August 2001

   This document provides a result code that can be used to signify a
   control specific error.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in RFC 2119 [2].

2. The LDAP Control Result Code

   The LDAPResult construct as defined in section 4.1.10 of RFC 2251
   [1] includes a list of valid result codes.  The LDAPResult construct
   is repeated here for readability:

        LDAPResult ::= SEQUENCE {
                resultCode      ENUMERATED {
                             success                      (0),
                             operationsError              (1),
                             protocolError                (2),
                             timeLimitExceeded            (3),
                             sizeLimitExceeded            (4),
                             compareFalse                 (5),
                             compareTrue                  (6),
                             authMethodNotSupported       (7),
                             strongAuthRequired           (8),
                                        -- 9 reserved --
                             referral                     (10),  -- new
                             adminLimitExceeded           (11),  -- new
                             unavailableCriticalExtension (12),  -- new
                             confidentialityRequired      (13),  -- new
                             saslBindInProgress           (14),  -- new
                             noSuchAttribute              (16),
                             undefinedAttributeType       (17),
                             inappropriateMatching        (18),
                             constraintViolation          (19),
                             attributeOrValueExists       (20),
                             invalidAttributeSyntax       (21),
                                        -- 22-31 unused --
                             noSuchObject                 (32),
                             aliasProblem                 (33),
                             invalidDNSyntax              (34),
                             -- 35 reserved for undefined isLeaf --
                             aliasDereferencingProblem    (36),
                                        -- 37-47 unused --
                             inappropriateAuthentication  (48),
                             invalidCredentials           (49),
                             insufficientAccessRights     (50),
                             busy                         (51),
                             unavailable                  (52),
                             unwillingToPerform           (53),
                             loopDetect                   (54),
                                        -- 55-63 unused --
                             namingViolation              (64),
                             objectClassViolation         (65),
                             notAllowedOnNonLeaf          (66),
                             notAllowedOnRDN              (67),
                             entryAlreadyExists           (68),
                             objectClassModsProhibited    (69),
                                        -- 70 reserved for CLDAP --
                             affectsMultipleDSAs          (71),  -- new
                                        -- 72-79 unused --
                             other                        (80) },
                             -- 81-90 reserved for APIs --
                matchedDN       LDAPDN,
                errorMessage    LDAPString,
                referral        [3] Referral OPTIONAL }

   This document adds another valid result code, controlError(76).

3. Use of the LDAP Control Result Code

   The controlError MUST be defined in any control specification that
   makes use of the result code.  The scenario of when the controlError
   result code may be returned and the exact behavior of the client
   with particular controls MUST be defined in any control
   specification that refers to this result code.

   The controlError result code can be returned when an operation has
   failed due to an error caused by an attached control.  The
   controlError SHOULD NOT be used to represent any condition that can
   be defined using any existing result code in RFC 2251.

   The controlError result code MAY be defined in control
   specifications to signify that the client should parse an embedded
   result code for additional control specific results.

4. Security Considerations

   This document defines an extension to RFC 2251 [1] and has the same
   security issues.  See the security considerations section in [1] for
   more details.

5. References

   [1] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access
       Protocol(v3)", RFC 2251, December 1997.

   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
       Levels", RFC 2119, March 1997

6. Authors Address

   Asaf Kashi
   One Microsoft Way
   Redmond, WA 98052
   asafk@microsoft.com

   Michael P. Armijo
   One Microsoft Way
   Redmond, WA 98052
   micharm@microsoft.com

Expires March, 2002
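
Added example, not part of the draft and not the authors' code: a client-side decoder for the LDAPResult of section 2 that recognises controlError(76) as section 3 describes, and rejects truncated or indefinite-length input. The function names, the abbreviated name table, the sample bytes and the plain SEQUENCE wrapper are assumptions made for illustration.

```python
# Added example (not from the draft): decode an LDAPResult and flag controlError.
CONTROL_ERROR = 76  # result code this draft adds to the RFC 2251 list
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError",
                12: "unavailableCriticalExtension", 53: "unwillingToPerform",
                80: "other", CONTROL_ERROR: "controlError"}  # abbreviated table

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F  # number of length octets; 0 means indefinite form
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_result(pdu):
    """Decode resultCode, matchedDN and errorMessage from one encoded LDAPResult."""
    outer, body, _ = read_tlv(pdu, 0)
    if not outer & 0x20:
        raise ValueError("LDAPResult must be a constructed element")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x0A or not raw:
        raise ValueError("resultCode must be a non-empty ENUMERATED")
    code = int.from_bytes(raw, "big", signed=True)
    fields = []
    for name in ("matchedDN", "errorMessage"):
        tag, raw, pos = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError(name + " must be an OCTET STRING")
        fields.append(raw.decode("utf-8"))
    return {"code": code, "name": RESULT_NAMES.get(code, "unrecognized"),
            "matchedDN": fields[0], "errorMessage": fields[1],
            # 76 attributes the failure to an attached control (section 3).
            "control_failure": code == CONTROL_ERROR}

# Constructed sample: controlError, empty matchedDN, short diagnostic text.
_MSG = b"control failed"
_BODY = bytes([0x0A, 1, CONTROL_ERROR, 0x04, 0, 0x04, len(_MSG)]) + _MSG
SAMPLE = bytes([0x30, len(_BODY)]) + _BODY
```
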