Network Working Group                                          Tim Howes
INTERNET DRAFT                                                Mark Smith
OBSOLETES: RFC 1959                         Netscape Communications Corp.
Expires in six months                                         April 1997

                           The LDAP URL Format

1. Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

2. Abstract

   LDAP is the Lightweight Directory Access Protocol, defined in [1],
   [2] and [3]. This document describes a format for an LDAP Uniform
   Resource Locator. The format describes an LDAP search operation to
   perform to retrieve information from an LDAP directory. This document
   replaces RFC 1959. It updates the LDAP URL format for version 3 of
   LDAP. This document also defines a second URL scheme prefix for LDAP
   running over the TLS protocol defined in [6].

RFC DRAFT                                                     April 1997

3. URL Definition

   An LDAP URL begins with the protocol prefix "ldap" (or the prefix
   "ldaps" for LDAP over TLS) and is defined by the following grammar.

      ldapurl    = scheme "://" [hostport] "/"
                   [dn ["?" [attributes] ["?" [scope]
                   ["?" [filter]]]]]
      scheme     = "ldap" / "ldaps"
      attributes = [attrdesc *("," attrdesc)]
      scope      = "base" / "one" / "sub"
      dn         = distinguishedName from Section 3 of [1]
      hostport   = hostport from Section 5 of RFC 1738 [5]
      attrdesc   = AttributeDescription from Section 4.1.5 of [2]
      filter     = filter from Section 4 of [4]

   The "ldap" and "ldaps" prefixes indicate an entry or entries residing
   in the LDAP server running on the given hostname at the given port
   number. For regular LDAP servers, the default port is TCP port 389.
   For LDAP servers running over the TLS protocol [6], the default port
   is 636.

   The dn is an LDAP Distinguished Name using the string format
   described in [1]. It identifies the base object of the LDAP search.

   The attributes construct is used to indicate which attributes should
   be returned from the entry or entries. Individual attrdesc names are
   as defined for AttributeDescription in [2]. If the attributes part is
   omitted, all attributes of the entry or entries should be returned.

   The scope construct is used to specify the scope of the search to
   perform in the given LDAP server. The allowable scopes are "base" for
   a base object search, "one" for a one-level search, or "sub" for a
   subtree search. If scope is omitted, a scope of "base" is assumed.

   The filter is used to specify the search filter to apply to entries
   within the specified scope during the search. It has the format
   specified in [4]. If filter is omitted, a filter of "(objectClass=*)"
   is assumed.

   If the entry or entries reside in the X.500 namespace, they should be
   reachable from any LDAP server that is providing front-end access to
   the X.500 directory. If the hostport part of the URL is missing, the
   URL can be resolved by contacting any X.500-back-ended LDAP server.

   Note that any URL-illegal characters (e.g., spaces) and the reserved
   character '?' occurring inside a dn, filter, or other element of an
   LDAP URL must be escaped using the % method described in RFC 1738
   [5].

4. Examples

   The following are some example LDAP URLs using the format defined
   above. An LDAP URL referring to the University of Michigan entry,
   available from any X.500-capable LDAP server:

      ldap:///o=University%20of%20Michigan,c=US

   An LDAP URL referring to the University of Michigan entry in a
   particular LDAP server:

      ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US

   This URL corresponds to a base object search of the "o=University of
   Michigan, c=US" entry using a filter of (objectclass=*), requesting
   all attributes.

   An LDAP URL referring to only the postalAddress attribute of the
   University of Michigan entry:

      ldap://ldap.itd.umich.edu/o=University%20of%20Michigan,c=US?postalAddress

   The corresponding LDAP search operation is the same as in the
   previous example, except that only the postalAddress attribute is
   requested.

   An LDAP URL referring to the set of entries found by querying any
   X.500-capable LDAP server and doing a subtree search of the
   University of Michigan for any entry with a common name of "Babs
   Jensen", retrieving all attributes:

      ldap:///o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)

   A secure LDAP URL referring to all children of the c=GB entry:

      ldaps://ldap.itd.umich.edu/c=GB?objectClass?one

   The objectClass attribute is requested to be returned along with the
   entries, and the default filter of "(objectclass=*)" is used.

   An LDAP URL to retrieve the mail attribute for the LDAP entry named
   "o=Question?,c=US" is given below, illustrating the use of the
   escaping mechanism on the reserved character '?'.

      ldap://ldap.question.com/o=Question%3f,c=US?mail

5. Security Considerations

   The LDAP URL format does not provide a way to specify credentials to
   use when resolving the URL. Therefore, it is expected that such
   requests will be unauthenticated, unless some out-of-band mechanism
   is used.

   The LDAP URL format allows the specification of an arbitrary LDAP
   search operation to be performed when evaluating the LDAP URL.
   Following an LDAP URL may cause unexpected results, for example, the
   retrieval of large amounts of data, the initiation of a long-lived
   search, etc. The security implications of resolving an LDAP URL are
   the same as those of resolving an LDAP search query.

6. References

   [1] Lightweight Directory Access Protocol (v3): UTF-8 String
       Representation of Distinguished Names. M. Wahl, S. Kille,
       draft-ietf-asid-ldapv3-dn-02.txt, March 1997.

   [2] Lightweight Directory Access Protocol (v3). M. Wahl, T. Howes,
       S. Kille, draft-ietf-asid-ldapv3-protocol-04.txt, March 1997.

   [3] Lightweight Directory Access Protocol (v3): Attribute Syntax
       Definitions. M. Wahl, A. Coulbeck, T. Howes, S. Kille,
       draft-ietf-asid-ldapv3-attributes-04.txt, March 1997.

   [4] A String Representation of LDAP Search Filters. T. Howes,
       draft-ietf-asid-ldapv3-filter.00.txt, March 1997.

   [5] Uniform Resource Locators (URL). T. Berners-Lee, L. Masinter,
       M. McCahill, Request for Comment (RFC) 1738, December 1994.

   [6] The TLS Protocol Version 1.0. T. Dierks, C. Allen,
       draft-ietf-tls-protocol-02.txt, March 1997.

7. Authors' Addresses

   Tim Howes
   Netscape Communications Corp.
   501 E. Middlefield Rd.
   Mountain View, CA 94043
   USA
   +1 415 937-3419
   howes@netscape.com

   Mark Smith
   501 E. Middlefield Rd.
   Mountain View, CA 94043
   USA
   +1 415 937-3477
   mcs@netscape.com
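The parser and checks below are an added example written for this page; they are not part of this draft and not Netscape or IETF code. The parser implements the grammar of Section 3 (scheme, hostport with the default ports 389 and 636, then dn, attributes, scope and filter with the defaults "base" and "(objectClass=*)", and the rule that a '?' inside an element arrives escaped as %3F) and round-trips the URLs given in Section 4. resolution_concerns() is the kind of pre-resolution policy check that the observations in Section 5 motivate: the URL carries no credentials and may describe an arbitrary, possibly expensive, search, so a client should decide whether to follow it before it connects. The approved-host list, the function names and the host ldap.example.test used in the demo are assumptions of this example; the dn and filter are decoded as opaque strings rather than validated against [1] and [4].

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import quote, unquote

# Default ports from Section 3 of the draft.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = ("base", "one", "sub")
DEFAULT_FILTER = "(objectClass=*)"
# Characters left unescaped when building a URL. '?' is deliberately absent,
# so it is emitted as %3F inside a dn or filter (Section 3, last paragraph).
SAFE = "=,()*"


@dataclass
class LdapUrl:
    scheme: str
    host: str | None        # None: hostport omitted, any X.500-back-ended server
    port: int
    dn: str                 # percent-decoded; treated as an opaque string here
    attributes: list[str]   # empty list means "return all attributes"
    scope: str
    filter: str             # percent-decoded; not validated against [4] here


def parse_ldap_url(url: str) -> LdapUrl:
    """Parse an LDAP URL according to the grammar in Section 3 of the draft."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")

    hostport, slash, rest = rest.partition("/")
    if not slash:
        raise ValueError("an LDAP URL requires '/' after the hostport")
    host, port = None, DEFAULT_PORTS[scheme]
    if hostport:
        host, _, port_text = hostport.partition(":")
        if port_text:
            if not port_text.isdigit():
                raise ValueError(f"bad port: {port_text!r}")
            port = int(port_text)

    # Split on the literal '?' BEFORE percent-decoding. A '?' that belongs to
    # a dn or filter must arrive as %3F; decoding first would let an escaped
    # '?' move the field boundaries and change the search being described.
    fields = rest.split("?", 3)
    fields += [""] * (4 - len(fields))
    dn_raw, attrs_raw, scope_raw, filter_raw = fields

    scope = scope_raw.lower() or "base"          # omitted scope -> "base"
    if scope not in SCOPES:
        raise ValueError(f"bad scope: {scope_raw!r}")
    attributes = [unquote(a) for a in attrs_raw.split(",") if a]
    return LdapUrl(scheme, host, port, unquote(dn_raw), attributes, scope,
                   unquote(filter_raw) or DEFAULT_FILTER)


def build_ldap_url(u: LdapUrl) -> str:
    """Serialise an LdapUrl, applying the %-escaping rule and omitting
    trailing empty fields the way the draft's own examples do."""
    hostport = "" if u.host is None else u.host
    if u.host is not None and u.port != DEFAULT_PORTS[u.scheme]:
        hostport += f":{u.port}"
    fields = [
        quote(u.dn, safe=SAFE),
        ",".join(quote(a, safe=SAFE) for a in u.attributes),
        "" if u.scope == "base" else u.scope,
        "" if u.filter == DEFAULT_FILTER else quote(u.filter, safe=SAFE),
    ]
    while len(fields) > 1 and fields[-1] == "":
        fields.pop()
    return f"{u.scheme}://{hostport}/" + "?".join(fields)


def resolution_concerns(u: LdapUrl, approved_hosts: frozenset[str],
                        allow_subtree: bool = False) -> list[str]:
    """Policy check motivated by Section 5. Returns reasons not to resolve
    the URL; an empty list means the client may proceed. The approved-host
    list is an assumption of this example, not something the draft defines."""
    concerns = []
    if u.host is None:
        concerns.append("no hostport: resolving means choosing some "
                        "X.500-back-ended server on the client's behalf")
    elif u.host.lower() not in approved_hosts:
        concerns.append(f"host {u.host!r} is not an approved directory server")
    if u.scope == "sub" and not allow_subtree:
        concerns.append("subtree search: may retrieve large amounts of data "
                        "or start a long-lived search")
    return concerns


if __name__ == "__main__":
    approved = frozenset({"ldap.itd.umich.edu"})      # assumed allowlist
    for example in (
        "ldap:///o=University%20of%20Michigan,c=US??sub?(cn=Babs%20Jensen)",
        "ldaps://ldap.itd.umich.edu/c=GB?objectClass?one",
        "ldap://ldap.question.com/o=Question%3f,c=US?mail",
    ):
        u = parse_ldap_url(example)
        print(example, "->", u)
        print("  concerns:", resolution_concerns(u, approved))
```

The detail worth keeping from this is the order of operations in parse_ldap_url: the fields are split on the literal '?' first and percent-decoded afterwards. A client that decodes the whole URL before splitting turns o=Question%3f,c=US into a dn of "o=Question" plus an attribute list of ",c=US", and then runs a different search from the one the URL described.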