idnits 2.17.1 draft-ietf-ldup-lcup-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 4 instances of too long lines in the document, the longest one being 2 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1022 has weird spacing: '...Servers are t...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 2003) is 7740 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Section 5' is mentioned on line 827, but not defined == Unused Reference: 'RFC2252' is defined on line 1068, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) ** Obsolete normative reference: RFC 2252 (Obsoleted by RFC 4510, RFC 4512, RFC 4517, RFC 4523) -- No information found for draft-zeilenga-ldap-cancel-xx - is the name correct? -- Possible downref: Normative reference to a draft: ref. 'CANCEL' -- Possible downref: Non-RFC (?) normative reference: ref. 'UUID' -- Obsolete informational reference (is this intentional?): RFC 3383 (Obsoleted by RFC 4520) -- No information found for draft-zeilenga-ldap-subentry-xx - is the name correct? -- No information found for draft-zeilenga-ldap-collective-xx - is the name correct? Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 LDUP 2 Internet Draft R. Megginson, Editor 3 Document: draft-ietf-ldup-lcup-04.txt M. Smith 4 Category: Proposed Standard Netscape 5 Expires: July 2003 Communications 6 Corp. 7 O. Natkovich 8 Yahoo 9 J. Parham 10 Microsoft 11 Corporation 13 February 2003 15 LDAP Client Update Protocol 17 Status of this Memo 19 This document is an Internet-Draft and is in full conformance with 20 all provisions of Section 10 of RFC 2026 [RFC2026]. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF), its areas, and its working groups. Note that 24 other groups may also distribute working documents as Internet- 25 Drafts. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 The list of current Internet-Drafts can be accessed at 33 http://www.ietf.org/ietf/1id-abstracts.txt 34 The list of Internet-Draft Shadow Directories can be accessed at 35 http://www.ietf.org/shadow.html. 37 Abstract 39 This document defines the Lightweight Directory Access Protocol 40 (LDAP) Client Update Protocol (LCUP). The protocol is intended to 41 allow an LDAP client to synchronize with the content of a directory 42 information tree (DIT) stored by an LDAP server and to be notified 43 about the changes to that content. 45 Conventions used in this document 46 In the protocol flow definition, the notation C->S and S->C specifies 47 the direction of the data flow from the client to the server and from 48 the server to the client respectively. 49 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 50 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 51 document are to be interpreted as described in RFC 2119 [RFC2119]. 53 Table of Contents 55 1. Overview......................................................3 56 2. Specification of Protocol Elements............................4 57 2.1 Universally Unique Identifiers.............................4 58 2.2 LCUP Scheme and LCUP Cookie................................5 59 2.3 LCUP Context...............................................5 60 2.4 Additional LDAP Result Codes defined by LCUP...............5 61 2.5 Sync Request Control.......................................6 62 2.6 Sync Update Control........................................7 63 2.7 Sync Done Control..........................................7 64 3. Protocol Usage and Flow.......................................7 65 3.1 LCUP Search Requests.......................................8 66 3.1.1 Initial Synchronization and Full Resync................8 67 3.1.2 Incremental or Update Synchronization..................9 68 3.1.3 Persistent Only........................................9 69 3.2 LCUP Search Responses......................................9 70 3.2.1 Sync Update Informational Responses...................10 71 3.2.2 Cookie Return Frequency...............................10 72 3.2.3 Definition of an Entry That Has Entered the Result Set11 73 3.2.4 Definition of an Entry That Has Changed...............12 74 3.2.5 Definition of an Entry That Has Left the Result Set...12 75 3.2.6 Results For Entries Present in the Result Set.........12 76 3.2.7 Results For Entries That Have Left the Result Set.....13 77 3.3 Responses Requiring Special Consideration.................14 78 3.3.1 Returning Results During the Persistent Phase.........14 79 3.3.2 No Mixing of Sync Phase with Persist Phase............14 80 3.3.3 Returning Updated Results During the Sync Phase.......14 81 3.3.4 Operational Attributes and Administrative Entries.....15 82 3.3.5 Virtual Attributes....................................15 83 3.3.6 Modify DN and Delete Operations Applied to Subtrees...16 84 3.3.7 Convergence Guarantees................................16 85 3.4 LCUP Search Termination...................................16 86 3.4.1 Server Initiated Termination..........................16 87 3.4.2 Client Initiated Termination..........................17 88 3.5 Protocol Flow.............................................17 89 3.6 Size and Time Limits......................................18 90 3.7 Operations on the Same Connection.........................18 91 3.8 Interactions with Other Controls..........................18 92 4. Client Side Considerations...................................18 93 4.1 Using Cookies with Different Search Criteria..............18 94 4.2 Renaming the Base Object..................................19 95 4.3 Use of Persistent Searches With Respect to Resources......19 96 4.4 Continuation References to Other LCUP Contexts............19 97 4.5 Referral Handling.........................................19 98 4.6 Multiple Copies of Same Entry During Sync Phase...........19 99 4.7 Handling Server Out of Resources Condition................20 100 5. Server Implementation Considerations.........................20 101 5.1 Server Support for UUIDs..................................20 102 5.2 Example of Using an RUV as the Cookie Value...............20 103 5.3 Cookie Support Issues.....................................20 104 5.3.1 Support for Multiple Cookie Schemes...................20 105 5.3.2 Information Contained in the Cookie...................21 106 5.4 Persist Phase Response Time...............................21 107 5.5 Scaling Considerations....................................21 108 5.6 Alias Dereferencing.......................................22 109 6. Synchronizing Heterogeneous Data Stores......................22 110 Security Considerations.........................................22 111 Normative References............................................22 112 Informative References..........................................23 113 Acknowledgments.................................................23 114 Author's Addresses..............................................23 115 Full Copyright Statement........................................24 116 Appendix - Features Left Out of LCUP............................25 118 1. Overview 120 The LCUP protocol is intended to allow LDAP clients to synchronize 121 with the content stored by LDAP servers. 123 The problem areas addressed by the protocol include: 125 - Mobile clients that maintain a local read-only copy of the 126 directory data. While off-line, the client uses the local copy of 127 the data. When the client connects to the network, it synchronizes 128 with the current directory content and can optionally receive 129 notification about the changes that occur while it is on-line. For 130 example, a mail client can maintain a local copy of the corporate 131 address book that it synchronizes with the master copy whenever the 132 client is connected to the corporate network. 134 - Applications intending to synchronize heterogeneous data stores. A 135 meta directory application, for instance, would periodically 136 retrieve a list of modified entries from the directory, construct 137 the changes and apply them to a foreign data store. 139 - Clients that need to take certain actions when a directory entry is 140 modified. For instance, an electronic mail repository may want to 141 perform a "create mailbox" task when a new person entry is added to 142 an LDAP directory and a "delete mailbox" task when a person entry 143 is removed. 145 The problem areas not being considered: 147 - directory server to directory server synchronization. The IETF is 148 developing a LDAP replication protocol, called LDUP [RFC3384], 149 which is specifically designed to address this problem area. 151 There are currently several protocols in use for LDAP client server 152 synchronization. While each protocol addresses the needs of a 153 particular group of clients (e.g., on-line clients or off-line 154 clients), none satisfies the requirements of all clients in the 155 target group. For instance, a mobile client that was off-line and 156 wants to become up to date with the server and stay up to date while 157 connected can't be easily supported by any of the existing protocols. 159 LCUP is designed such that the server does not need to maintain state 160 information on behalf of the client. The clients are responsible for 161 storing the information about how up to date they are with respect to 162 the server's content. LCUP design avoids the need for LCUP-specific 163 update agreements to be made between client and server prior to LCUP 164 use. The client decides when and from where to retrieve the changes. 165 LCUP design requires clients to initiate the update session and 166 "pull" the changes from server. 168 LCUP operations are subject to administrative and access control 169 policies enforced by the server. 171 2. Specification of Protocol Elements 173 The following sections define the new elements required to use this 174 protocol. 176 2.1 Universally Unique Identifiers 178 Distinguished names can change, so are therefore unreliable as 179 identifiers. A Universally Unique Identifier (or UUID for short) 180 MUST be used to uniquely identify entries used with LCUP. The UUID 181 is part of the Sync Update control value (see below) returned with 182 each search result. The server SHOULD provide the UUID as a single 183 valued operational attribute of the entry (e.g. "entryUUID"). We 184 RECOMMEND that the server provides a way to do efficient (i.e. 185 indexed) searches for values of UUID e.g. by using a search filter 186 like (entryUUID=) to quickly search for and retrieve 187 an entry based on its UUID. Servers SHOULD use a UUID format as 188 specified in [UUID]. The UUID used by LCUP is a value of the 189 following ASN.1 type: 191 LCUPUUID ::= OCTET STRING 193 2.2 LCUP Scheme and LCUP Cookie 195 The LCUP protocol uses a cookie to hold the state of the client's 196 data with respect to the server's data. Each cookie format is 197 uniquely identified by its scheme. The LCUP Scheme is a value of the 198 following ASN.1 type: 200 LCUPScheme ::= LDAPOID 202 This is the OID which identifies the format of the LCUP Cookie value. 203 The scheme OID, as all object identifiers, MUST be unique for a given 204 cookie scheme. The cookie value may be opaque or it may be exposed 205 to LCUP clients. For cookie schemes that expose their value, the 206 preferred form of documentation is an RFC. It is expected that there 207 will be one or more standards track cookie schemes where the value 208 format is exposed and described in detail. 210 The LCUP Cookie is a value of the following ASN.1 type: 212 LCUPCookie ::= OCTET STRING 214 This is the actual data describing the state of the client's data. 215 This value may be opaque, or its value may have some well-known 216 format, depending on the scheme. 218 Further uses of the LCUP Cookie value are described below. 220 2.3 LCUP Context 222 A part of the DIT which is enabled for LCUP is referred to as an LCUP 223 Context. A server may support one or more LCUP Contexts. For 224 example, a server with two naming contexts may support LCUP in one 225 naming context but not the other, or support different LCUP cookie 226 schemes in each naming context. Each LCUP Context MAY use a 227 different cookie scheme. An LCUP search will not cross an LCUP 228 Context boundary, but will instead return a SearchResultReference 229 message, with the LDAP URL specifying the same host and port as 230 currently being searched, and with the baseDN set to the baseDN of 231 the new LCUP Context. The client is then responsible for issuing 232 another search using the new baseDN, and possibly a different cookie 233 if that LCUP Context uses a different cookie. The client is 234 responsible for maintaining a mapping of the LDAP URL to its 235 corresponding cookie. 237 2.4 Additional LDAP Result Codes defined by LCUP 238 Implementations of this specification SHALL recognize the following 239 additional resultCode values. The LDAP result code names and numbers 240 defined in the following table are to be replaced with IANA assigned 241 result code names and numbers per RFC 3383 [RFC3383]. 243 lcupResourcesExhausted (TBD) the server is running out of resources 244 lcupSecurityViolation (TBD) the client is suspected of malicious 245 actions 246 lcupInvalidData (TBD) invalid scheme or cookie was supplied by 247 the client 248 lcupUnsupportedScheme (TBD) The cookie scheme is a valid OID but is 249 not supported by this server 250 lcupReloadRequired (TBD) indicates that client data needs to be 251 reinitialized. This reason is returned 252 if the server does not contain 253 sufficient information to synchronize 254 the client or if the server's data was 255 reloaded since the last synchronization 256 session 258 The uses of these codes are described below. 260 2.5 Sync Request Control 262 The Sync Request Control is an LDAP Control [RFC2251, Section 4.1.2] 263 where the controlType is the object identifier IANA-ASSIGNED-OID.1 264 and the controlValue, an OCTET STRING, contains a BER-encoded 265 syncRequestControlValue. 267 syncRequestControlValue ::= SEQUENCE { 268 updateType ENUMERATED { 269 syncOnly (0), 270 syncAndPersist (1), 271 persistOnly (2) }, 272 sendCookieInterval INTEGER OPTIONAL, 273 scheme LCUPScheme OPTIONAL, 274 cookie LCUPCookie OPTIONAL 275 } 277 sendCookieInterval - the server SHOULD send the cookie back in the 278 Sync Update control value (defined below) for every 279 sendCookieInterval number of SearchResultEntry and 280 SearchResultReference PDUs returned to the client. For example, if 281 the value is 5, the server SHOULD send the cookie back in the Sync 282 Update control value for every 5 search results returned to the 283 client. If this value is absent, zero or less than zero, the server 284 chooses the interval. 286 The Sync Request Control is only applicable to the searchRequest 287 message. Use of this control is described below. 289 2.6 Sync Update Control 291 The Sync Update Control is an LDAP Control [RFC2251, Section 4.1.2] 292 where the controlType is the object identifier IANA-ASSIGNED-OID.2 293 and the controlValue, an OCTET STRING, contains a BER-encoded 294 syncUpdateControlValue. 296 syncUpdateControlValue ::= SEQUENCE { 297 stateUpdate BOOLEAN, 298 entryUUID LCUPUUID OPTIONAL, -- REQUIRED for entries -- 299 UUIDAttribute AttributeType OPTIONAL, 300 entryLeftSet BOOLEAN, 301 persistPhase BOOLEAN, 302 scheme LCUPScheme OPTIONAL, 303 cookie LCUPCookie OPTIONAL 304 } 306 The field UUIDAttribute contains the name or OID of the attribute 307 that the client should use to perform searches for entries based on 308 the UUID. The client should be able to use it in an equality search 309 filter e.g. "(=)" and should be 310 able to use it in the attribute list of the search request to return 311 its value. The UUIDAttribute field may be omitted if the server does 312 not support searching on the UUID values. 314 The Sync Update Control is only applicable to SearchResultEntry and 315 SearchResultReference messages. Although entryUUID is OPTIONAL, it 316 MUST be used with SearchResultEntry messages. Use of this control is 317 described below. 319 2.7 Sync Done Control 321 The Sync Done Control is an LDAP Control [RFC2251, Section 4.1.2] 322 where the controlType is the object identifier IANA-ASSIGNED-OID.3 323 and the controlValue contains a BER-encoded syncDoneValue. 325 syncDoneValue ::= SEQUENCE { 326 scheme LCUPScheme OPTIONAL, 327 cookie LCUPCookie OPTIONAL 328 } 330 The Sync Done Control is only applicable to SearchResultDone message. 331 Use of this control is described below. 333 3. Protocol Usage and Flow 334 3.1 LCUP Search Requests 336 A client initiates a synchronization or persistent search session 337 with a server by attaching a Sync Request control to an LDAP 338 searchRequest message. The search specification determines the part 339 of the directory information tree (DIT) the client wishes to 340 synchronize with, the set of attributes it is interested in and the 341 amount of data the client is willing to receive. The Sync Request 342 control contains the client's request specification. 344 If there is an error condition, the server MUST immediately return a 345 SearchResultDone message with the resultCode set to an error code. 346 This table maps a condition to its corresponding behavior and 347 resultCode. 349 Condition Behavior or resultCode 351 Sync Request Control is not Server behaves as [RFC2251, Section 352 supported 4.1.2] - specifically, if the 353 criticality of the control is FALSE, 354 the server will process the request 355 as a normal search request 357 Scheme is not supported lcupUnsupportedScheme 359 A control value field is lcupInvalidData 360 invalid (e.g. illegal 361 updateType, or the scheme is 362 not a valid OID, or the cookie 363 is invalid) 365 Server is running out of lcupResourcesExhausted 366 resources 368 Server suspects client of lcupSecurityViolation 369 malicious behavior (frequent 370 connects/disconnects, etc.) 372 The server cannot bring the lcupReloadRequired 373 client up to date (server data 374 has been reloaded, or other 375 changes that prevent 376 convergence) 378 3.1.1 Initial Synchronization and Full Resync 380 For an initial synchronization or full resync, the fields of the Sync 381 Request control MUST be specified as follows: 383 updateType - MUST be set to syncOnly or syncAndPersist 384 sendCookieInterval - MAY be set 385 scheme - MAY be set - if set, the server MUST use this specified 386 scheme or return lcupUnsupportedScheme (see above) - if not set, the 387 server MAY use any scheme it supports. 388 cookie - MUST NOT be set 390 If the request was successful, the client will receive results as 391 described in the section "LCUP Search Responses" below. 393 3.1.2 Incremental or Update Synchronization 395 For an incremental or update synchronization, the fields of the Sync 396 Request control MUST be specified as follows: 398 updateType - MUST be set to syncOnly or syncAndPersist 399 sendCookieInterval - MAY be set 400 scheme - MUST be set 401 cookie - MUST be set 403 The client SHOULD always use the latest cookie it received from the 404 server. 406 If the request was successful, the client will receive results as 407 described in the section "LCUP Search Responses" below. 409 3.1.3 Persistent Only 411 For persistent only search request, the fields of the Sync Request 412 MUST be specified as follows: 414 updateType - MUST be set to persistOnly 415 sendCookieInterval - MAY be set 416 scheme - MAY be set - if set, the server MUST use this specified 417 scheme or return lcupUnsupportedScheme (see above) - if not set, the 418 server MAY use any scheme it supports. 419 cookie - MAY be set, but the server MUST ignore it 421 If the request was successful, the client will receive results as 422 described in the section "LCUP Search Responses" below. 424 3.2 LCUP Search Responses 426 In response to the client's LCUP request, the server returns zero or 427 more SearchResultEntry or SearchResultReference PDU that fits the 428 client's specification, followed by a SearchResultDone PDU. The 429 behavior is as specified in [RFC2251 Section 4.5]. Each 430 SearchResultEntry or SearchResultReference PDU also contains a Sync 431 Update control that describes the LCUP state of the returned entry. 433 The SearchResultDone PDU contains a Sync Done control. The following 434 sections specify behaviors in addition to [RFC2251 Section 4.5]. 436 3.2.1 Sync Update Informational Responses 438 The server may use the Sync Update control to return information not 439 related to a particular entry. It MAY do this at any time to return 440 a cookie to the client, or to inform the client that the sync phase 441 of a syncAndPersist search is complete and the persist phase has 442 begun. It MAY do this during the persist phase even though no entry 443 has changed that would have normally triggered a response. In order 444 to do this it is REQUIRED to return the following: 446 - A SearchResultEntry PDU with the objectName field set to the DN of 447 the baseObject of the search request and with an empty attribute 448 list. 449 - A Sync Update control value with the fields set to the following: 450 stateUpdate - MUST be set to TRUE 451 entryUUID - SHOULD be set to the UUID of the baseObject of the 452 search request 453 entryLeftSet - MUST be set to FALSE 454 persistPhase - MUST be FALSE if the search is in the sync phase 455 of a request, and MUST be TRUE if the search is in the 456 persist phase 457 UUIDAttribute - SHOULD only be set if this is either the first 458 result returned or if the attribute has changed 459 scheme - MUST be set if the cookie is set and the cookie format 460 has changed; otherwise, it MAY be omitted 461 cookie - SHOULD be set 463 If the server merely wants to return a cookie to the client, it 464 should return as above with the cookie field set. 466 During a syncAndPersist request, the server MUST return as above 467 immediately after the last entry of the sync phase has been sent and 468 before the first entry of the persist phase has been sent. In this 469 case, the persistPhase field MUST be set to TRUE. This lets the 470 client know that the sync phase is complete and the persist phase is 471 starting. 473 3.2.2 Cookie Return Frequency 475 The cookie field of the Sync Update control value MAY be set in any 476 returned result, during both the sync phase and the persist phase. 477 The server should return the cookie to the client often enough for 478 the client to resync in a reasonable period of time in case the 479 search is disconnected or otherwise terminated. The 480 sendCookieInterval field in the Sync Request control is a suggestion 481 to the server of how often to return the cookie in the Sync Update 482 control. The server SHOULD respect this value. 484 The scheme field of the Sync Update control value MUST be set if the 485 cookie is set and the cookie format has changed; otherwise, it MAY be 486 omitted. 488 Some clients may have unreliable connections, for example, a wireless 489 device or a WAN connection. These clients may want to insure that 490 the cookie is returned often in the Sync Update control value, so 491 that if they have to reconnect, they do not have to process many 492 redundant entries. These clients should set the sendCookieInterval 493 in the Sync Request control value to a low number, perhaps even 1. 494 Some clients may have a limited bandwidth connection, and may not 495 want to receive the cookie very often, or even at all (however, the 496 cookie is always sent back in the Sync Done control value upon 497 successful completion). These clients should set the 498 sendCookieInterval in the Sync Request control value to a high 499 number. 501 A reasonable behavior of the server is to return the cookie only when 502 data in the LCUP context has changed, even if the client has 503 specified a frequent sendCookieInterval. If nothing has changed, the 504 server can probably save some bandwidth by not returning the cookie. 506 3.2.3 Definition of an Entry That Has Entered the Result Set 508 An entry SHALL BE considered to have entered the client's search 509 result set if one of the following conditions is met: 511 - During the sync phase for an incremental sync operation, the entry 512 is present in the search result set but was not present before; this 513 can be due to the entry being added via an LDAP Add operation, or by 514 the entry being moved into the result set by an LDAP Modify DN 515 operation, or by some modification to the entry that causes it to 516 enter the result set (e.g. adding an attribute value that matches the 517 clients search filter), or by some meta-data change that causes the 518 entry to enter the result set (e.g. relaxing of some access control 519 that permits the entry to be visible to the client) 521 - During the persist phase for a persistent search operation, the 522 entry enters the search result set; this can be due to the entry 523 being added via an LDAP Add operation, or by the entry being moved 524 into the result set by an LDAP Modify DN operation, or by some 525 modification to the entry that causes it to enter the result set 526 (e.g. adding an attribute value that matches the clients search 527 filter), or by some meta-data change that causes the entry to enter 528 the result set (e.g. relaxing of some access control that permits the 529 entry to be visible to the client) 531 3.2.4 Definition of an Entry That Has Changed 533 An entry SHALL BE considered to be changed if one or more of the 534 attributes in the attribute list in the search request have been 535 modified. For example, if the search request listed the attributes 536 "cn sn uid", and there is an entry in the client's search result set 537 with the "cn" attribute that has been modified, the entry is 538 considered to be modified. The modification may be due to an LDAP 539 Modify operation or by some change to the meta-data for the entry 540 (e.g. virtual attributes) that causes some change to the value of the 541 specified attributes. 543 The converse of this is that an entry SHALL NOT BE considered to be 544 changed if none of the attributes in the attribute list of the search 545 request are modified attributes of the entry. For example, if the 546 search request listed the attributes "cn sn uid", and there is an 547 entry in the client's search result set with the "foo" attribute that 548 has been modified, and none of the "cn" or "sn" or "uid" attributes 549 have been modified, the entry is NOT considered to be changed. 551 3.2.5 Definition of an Entry That Has Left the Result Set 553 An entry SHALL BE considered to have left the client's search result 554 set if one of the following conditions is met: 556 - During the sync phase for an incremental sync operation, the entry 557 is not present in the search result set but was present before; this 558 can be due to the entry being deleted via an LDAP Delete operation, 559 or by the entry leaving the result set via an LDAP Modify DN 560 operation, or by some modification to the entry that causes it to 561 leave the result set (e.g. changing/removing an attribute value so 562 that it no longer matches the client's search filter), or by some 563 meta-data change that causes the entry to leave the result set (e.g. 564 adding of some access control that denies the entry to be visible to 565 the client) 567 - During the persist phase for a persistent search operation, the 568 entry leaves the search result set; this can be due to the entry 569 being deleted via an LDAP Delete operation, or by the entry leaving 570 the result set via an LDAP Modify DN operation, or by some 571 modification to the entry that causes it to leave the result set 572 (e.g. changing/removing an attribute value so that it no longer 573 matches the client's search filter), or by some meta-data change that 574 causes the entry to leave the result set (e.g. adding of some access 575 control that denies the entry to be visible to the client). 577 3.2.6 Results For Entries Present in the Result Set 578 An entry SHOULD be returned as present under the following 579 conditions: 581 - The request is an initial synchronization or full resync request 582 and the entry is present in the client's search result set 583 - The request is an incremental synchronization and the entry has 584 changed or entered the result set since the last sync 585 - The search is in the persist phase and the entry enters the result 586 set or changes 588 For a SearchResultEntry return, the fields of the Sync Update control 589 value MUST be set as follows: 591 stateUpdate - MUST be set to FALSE 592 entryUUID - MUST be set to the UUID of the entry 593 entryLeftSet - MUST be set to FALSE 594 persistPhase - MUST be set to FALSE if during the sync phase or 595 TRUE if during the persist phase 596 UUIDAttribute - SHOULD only be set if this is either the first 597 result returned or if the attribute has changed 598 scheme - as above 599 cookie - as above 601 The searchResultReference return will look the same, except that the 602 entryUUID is not required. If it is specified, it MUST contain the 603 UUID of the DSE holding the reference knowledge. 605 3.2.7 Results For Entries That Have Left the Result Set 607 An entry SHOULD be returned as having left the result set under the 608 following conditions: 610 - The request is an incremental synchronization during the sync phase 611 and the entry has left the result set 612 - The search is in the persist phase and the entry has left the 613 result set 615 An entry SHOULD be returned as having left the result set under the 616 following conditions: 618 - The entry has left the result set as a result of an LDAP Delete or 619 LDAP Modify DN operation against the entry itself (i.e. not as a 620 result of an operation against its parent or ancestor) 622 For a SearchResultEntry return where the entry has left the result 623 set, the fields of the Sync Update control value MUST be set as 624 follows: 626 stateUpdate - MUST be set to FALSE 627 entryUUID - MUST be set to the UUID of the entry that left the 628 result set 629 entryLeftSet - MUST be set to TRUE 630 persistPhase - MUST be set to FALSE if during the sync phase or 631 TRUE if during the persist phase 632 UUIDAttribute - SHOULD only be set if this is either the first 633 result returned or if the attribute has changed 634 scheme - as above 635 cookie - as above 637 The searchResultReference return will look the same, except that the 638 entryUUID is not required. If it is specified, it MUST contain the 639 UUID of the DSE holding the reference knowledge. 641 Some server implementations keep track of deleted entries using a 642 tombstone - a hidden entry that keeps track of the state, but not all 643 of the data, of an entry that has been deleted. In this case, the 644 tombstone may not contain all of the original attributes of the 645 entry, and therefore it may be impossible for the server to determine 646 if an entry should be removed from the result set based on the 647 attributes in the client's search request. Servers SHOULD keep 648 enough information about the attributes in the deleted entries to 649 determine if an entry should be removed from the result set. Since 650 this may not be possible, the server MAY return an entry as having 651 left the result set even if it is not or never was in the client's 652 result set. Clients MUST ignore these notifications. 654 3.3 Responses Requiring Special Consideration 656 The following sections describe special handling that may be required 657 when returning results. 659 3.3.1 Returning Results During the Persistent Phase 661 During the persistent phase, the server SHOULD return the changed 662 entries to the client as quickly as possible. 664 3.3.2 No Mixing of Sync Phase with Persist Phase 666 During a sync phase, the server MUST NOT return any entries with the 667 persistPhase flag set to TRUE, and during the persist phase, all 668 entries returned MUST have the persistPhase flag set to TRUE. The 669 server MUST NOT mix and match sync phase entries with persist phase 670 entries. If there are any sync phase entries to return, they MUST be 671 returned before any persist phase entries are returned. 673 3.3.3 Returning Updated Results During the Sync Phase 674 There may be updates to the entries in the result set of a sync phase 675 search during the actual search operation. If the DSA is under a 676 heavy update load, and it attempts to send all of those updated 677 entries to the client in addition to the other updates it was already 678 planning to send for the sync phase, the server may never get to the 679 end of the sync phase. Therefore, it is left up to the discretion of 680 the server implementation to decide when the client is "in sync" - 681 that is, when to end a syncOnly request, or when to send the Sync 682 Update Informational Response between the sync phase and the persist 683 phase of a syncAndPersist request. The server MAY send the same 684 entry multiple times during the sync phase if the entry changes 685 during the sync phase. 687 A reasonable behavior is for the server to generate a cookie based on 688 the server state at the time the client initiated the LCUP request, 689 and only send entries up to that point during the sync phase. 690 Entries updated after that point will be returned only during the 691 persist phase of a syncAndPersist request, or only upon an 692 incremental synchronization. 694 3.3.4 Operational Attributes and Administrative Entries 696 An operational attribute MUST be returned if it is specified in the 697 attributes list and would normally be returned as subject to the 698 constraints of [RFC2251 Section 4.5]. 700 LDAP Subentries [SUBENTRY] MUST be returned if they would normally be 701 returned by the search request. 703 3.3.5 Virtual Attributes 705 An entry may have attributes whose presence in the entry, or presence 706 of values of the attribute, is generated on the fly, possibly by some 707 mechanism outside of the entry, elsewhere in the DIT. An example of 708 this is collective attributes [COLLECTIVE]. These attributes shall 709 be referred to in this document as virtual attributes. 711 LCUP treats these attributes the same way as normal, non-virtual 712 attributes. One consequence of this is that if you change the 713 definition of a virtual attribute such that it makes the value of 714 that attribute change in many entries in the client's search scope, 715 this means that a server may have to return many entries to the 716 client as a result of that one change. It is not anticipated that 717 this will be a frequent occurrence, and the server has the option to 718 simply force the client to resync if necessary. 720 It is also possible that a future LDAP control will allow the client 721 to request only virtual or only non-virtual attributes. 723 3.3.6 Modify DN and Delete Operations Applied to Subtrees 725 There is a special case where a Modify DN or a Delete operation is 726 applied to the base entry of a subtree, and either that base entry or 727 entries in the subtree are within the scope of an LCUP search 728 request. In this case, all of the entries in the subtree are 729 implicitly renamed or removed. 731 In either of these cases, the server MUST do one of the following: 732 - treat all of these entries as having been renamed or removed and 733 return each entry to the client as such 734 - decide that this would be prohibitively expensive, and force the 735 client to resync 737 If the search base object has been renamed, and the client has 738 received a noSuchObject as the result of a search request, the client 739 MAY use the entryUUID and UUIDAttribute to locate the new DN that is 740 the result of the modify DN operation. 742 3.3.7 Convergence Guarantees 744 If at any time during an LCUP search, either during the sync phase or 745 the persist phase, the server determines that it cannot guarantee 746 that it can bring the client's copy of the data to eventual 747 convergence, it SHOULD immediately terminate the LCUP search request 748 and return a SearchResultDone message with a resultCode of 749 lcupReloadRequired. This can also happen at the beginning of an 750 incremental synchronization request, if the client presents a cookie 751 that is out of date or otherwise unable to be processed. The client 752 should then issue an initial synchronization request. 754 This can happen, for example, if the data on the server is reloaded, 755 or if there has been some change to the meta-data that makes it 756 impossible for the server to determine if a particular entry should 757 or should not be part of the search result set, or if the meta-data 758 change makes it too resource intensive for the server to calculate 759 the proper result set. 761 The server can also return lcupReloadRequired if it determines that 762 it would be more efficient for the client to perform a reload, for 763 example, if too many entries have changed and a simple reload would 764 be much faster. 766 3.4 LCUP Search Termination 768 3.4.1 Server Initiated Termination 770 When the server has successfully finished processing the client's 771 request, it attaches a Sync Done control to the SearchResultDone 772 message and sends it to the client. However, if the SearchResultDone 773 message contains a resultCode that is not success or 774 lcupClientDisconnect, the Sync Done control MAY be omitted. Although 775 the LCUP cookie is OPTIONAL in the Sync Done control value, it MUST 776 be set if the SearchResultDone resultCode is success or 777 lcupClientDisconnect. The server SHOULD also set the cookie if the 778 resultCode is lcupResourcesExhausted, timeLimitExceeded, 779 sizeLimitExceeded, or adminLimitExceeded. This allows the client to 780 more easily resync later. If some error occurred, either an LDAP 781 search error (e.g. insufficientAccessRights) or an LCUP error (e.g. 782 lcupUnsupportedScheme), the cookie MAY be omitted. If the cookie is 783 set, the scheme MUST be set also if the cookie format has changed, 784 otherwise, it MAY be omitted. 786 If server resources become tight, the server can terminate one or 787 more search operations by sending a SearchResultDone message to the 788 client(s) with a resultCode of lcupResourcesExhausted. The server 789 SHOULD attach a Sync Done control with the cookie set. A server side 790 policy is used to decide which searches to terminate. This can also 791 be used as a security mechanism to disconnect clients that are 792 suspected of malicious actions, but if the server can infer that the 793 client is malicious, the server SHOULD return lcupSecurityViolation 794 instead. 796 3.4.2 Client Initiated Termination 798 If the client needs to terminate the synchronization process and it 799 wishes to obtain the cookie that represents the current state of its 800 data, it issues an LDAP Cancel operation [CANCEL]. The server 801 responds immediately with a LDAP Cancel response [CANCEL]. The 802 server MAY send any pending SearchResultEntry or 803 SearchResultReference PDUs if the server cannot easily abort or 804 remove those search results from its outgoing queue. The server 805 SHOULD send as few of these remaining messages as possible. Finally, 806 the server sends the message SearchResultDone with the Sync Done 807 control attached. If the search was successful up to that point, the 808 resultCode field of the SearchResultDone message MUST be canceled 809 [CANCEL], and the cookie MUST be set in the Sync Done control. If 810 there is an error condition, the server MAY return as described in 811 section 3.4.1 above, or MAY return as described in [CANCEL]. 813 If the client is not interested in the state information, it can 814 simply abandon the search operation or disconnect from the server. 816 3.5 Protocol Flow 818 The client server interaction can proceed in three different ways 819 depending on the client's requirements. Protocol flows beginning 820 with an asterisk (*) are optional or conditional. 822 824 3.6 Size and Time Limits 826 The server SHALL support size and time limits as specified in 827 [RFC2251, Section 5]. The server SHOULD ensure that if the operation 828 is terminated due to these conditions, the cookie is sent back to the 829 client. 831 3.7 Operations on the Same Connection 833 It is permissible for the client to issue other LDAP operations on 834 the connection used by the protocol. Since each LDAP request/response 835 carries a message id there will be no ambiguity about which PDU 836 belongs to which operation. By sharing the connection among multiple 837 operations, the server will be able to conserve its resources. 839 3.8 Interactions with Other Controls 841 LCUP defines neither restrictions nor guarantees about the ability to 842 use the controls defined in this document in conjunction with other 843 LDAP controls, except for the following: A server MAY ignore non- 844 critical controls supplied with the LCUP control. A server MAY 845 ignore an LCUP defined control if it is non-critical and it is 846 supplied with other critical controls. If a server receives a 847 critical LCUP control with another critical control, and the server 848 does not support both controls at the same time, the server SHOULD 849 return unavailableCriticalExtension. 851 It is up to the server implementation to determine if the server 852 supports controls such as the Sort or VLV or similar controls that 853 change the order of the entries sent to the client. But note that it 854 may be difficult or impossible for a server to perform an incremental 855 synchronization in the presence of such controls, since the cookie 856 will typically be based off a change number, or CSN, or timestamp, or 857 some criteria other than an alphabetical order. 859 4. Client Side Considerations 861 4.1 Using Cookies with Different Search Criteria 863 The cookie received from the server after a synchronization session 864 SHOULD only be used with the same search specification as the search 865 that generated the cookie. Some servers MAY allow the cookie to be 866 used with a more restrictive search specification than the search 867 that generated the cookie. If the server does not support the 868 cookie, it MUST return lcupInvalidCookie. This is because the client 869 can end up with an incomplete data store otherwise. A more 870 restrictive search specification is one that would generate a subset 871 of the data produced by the original search specification. 873 4.2 Renaming the Base Object 875 Because an LCUP client specifies the area of the tree with which it 876 wishes to synchronize through the standard LDAP search specification, 877 the client can be returned noSuchObject error if the root of the 878 synchronization area was renamed between the synchronization sessions 879 or during a synchronization session. If this condition occurs, the 880 client can attempt to locate the root by using the root's UUID saved 881 in client's local data store. It then can repeat the synchronization 882 request using the new search base. In general, a client can detect 883 that an entry was renamed and apply the changes received to the right 884 entry by using the UUID rather than DN based addressing. 886 4.3 Use of Persistent Searches With Respect to Resources 888 Each active persistent operation requires that an open TCP connection 889 be maintained between an LDAP client and an LDAP server that might 890 not otherwise be kept open. Therefore, client implementors are 891 encouraged to avoid using persistent operations for non-essential 892 tasks and to close idle LDAP connections as soon as practical. The 893 server may close connections if server resources become tight. 895 4.4 Continuation References to Other LCUP Contexts 897 The client MAY receive a continuation reference 898 (SearchResultReference [RFC2251 SECTION 4.5.3]) if the search request 899 spans multiple parts of the DIT, some of which may require a 900 different LCUP cookie, some of which may not even be managed by LCUP. 901 The client SHOULD maintain a cache of the LDAP URLs returned in the 902 continuation references and the cookies associated with them. The 903 client is responsible for performing another LCUP search to follow 904 the references, and SHOULD use the cookie corresponding to the LDAP 905 URL for that reference (if it has a cookie). 907 4.5 Referral Handling 909 The client may receive a referral (Referral [RFC2251 SECTION 4.1.11]) 910 when the search base is a subordinate reference, and this will end 911 the operation. 913 4.6 Multiple Copies of Same Entry During Sync Phase 915 The server MAY send the same entry multiple times during a sync phase 916 if the entry changes during the sync phase. The client SHOULD use 917 the last sent copy of the entry as the current one. 919 4.7 Handling Server Out of Resources Condition 921 If the client receives an lcupResourcesExhausted or 922 lcupSecurityViolation resultCode, the client SHOULD wait at least 5 923 seconds before attempting another operation. It is RECOMMENDED that 924 the client use an exponential backoff strategy, but different clients 925 may want to use different backoff strategies. 927 5. Server Implementation Considerations 929 5.1 Server Support for UUIDs 931 Servers MUST support UUIDs. UUIDs are required in the Sync Update 932 control. Additionally, server implementers SHOULD make the UUID 933 values for the entries available as an attribute of the entry, and 934 provide indexing or other mechanisms to allow clients to search for 935 an entry using the UUID attribute in the search filter. The 936 syncUpdate control provides a field UUIDAttribute to allow the server 937 to let the client know the name or OID of the attribute to use to 938 search for an entry by UUID. 940 5.2 Example of Using an RUV as the Cookie Value 942 By design, the protocol supports multiple cookie schemes. This is to 943 allow different implementations the flexibility of storing any 944 information applicable to their environment. A reasonable 945 implementation for an LDUP compliant server would be to use the 946 Replica Update Vector (RUV). For each master, RUV contains the 947 largest CSN seen from this master. In addition, RUV implemented by 948 some directory servers (not yet in LDUP) contains replica generation 949 - an opaque string that identifies the replica's data store. The 950 replica generation value changes whenever the replica's data is 951 reloaded. Replica generation is intended to signal the 952 replication/synchronization peers that the replica's data was 953 reloaded and that all other replicas need to be reinitialized. RUV 954 satisfies the three most important properties of the cookie: (1) it 955 uniquely identifies the state of client's data, (2) it can be used to 956 synchronize with multiple servers, and (3) it can be used to detect 957 that the server's data was reloaded. If RUV is used as the cookie, 958 entries last modified by a particular master must be sent to the 959 client in the order of their last modified CSN. This ordering 960 guarantees that the RUV can be updated after each entry is sent. 962 5.3 Cookie Support Issues 964 5.3.1 Support for Multiple Cookie Schemes 966 A server may support one or more LCUP cookie schemes. It is expected 967 that schemes will be published along with their OIDs as RFCs. The 968 server's DIT may be partitioned into different sections which may 969 have different cookies associated with them. For example, some 970 servers may use some sort of replication mechanism to support LCUP. 971 If so, the DIT may be partitioned into multiple replicas. A client 972 may send an LCUP search request that spans multiple replicas. Some 973 parts of the DIT spanned by the search request scope may support LCUP 974 and some may not. The server MUST send a SearchResultReference 975 [RFC2251, SECTION 4.5.3] when the LCUP Context for a returned entry 976 changes. The server SHOULD send all references to other LCUP 977 Contexts in the search scope first, in order to allow the clients to 978 process these searches in parallel. The LDAP URL(s) returned MUST 979 contain the DN(s) of the base of another section of the DIT (however 980 the server implementation has partitioned the DIT). The client will 981 then issue another LCUP search using the LDAP URL returned. Each 982 section of the DIT MAY require a different cookie value, so the 983 client SHOULD maintain a cache, mapping the different LDAP URL values 984 to different cookies. If the cookie changes, the scheme may change 985 as well, but the cookie scheme MUST be the same within a given LCUP 986 Context. 988 5.3.2 Information Contained in the Cookie 990 The cookie must contain enough information to allow the server to 991 determine whether the cookie can be safely used with the search 992 specification it is attached to. As discussed earlier in the 993 document, the cookie SHOULD only be used with the search 994 specification that is equal to the one for which the cookie was 995 generated, but some servers MAY support using a cookie with a search 996 specification that is more restrictive than the one used to generate 997 the cookie. 999 5.4 Persist Phase Response Time 1001 The specification makes no guarantees about how soon a server should 1002 send notification of a changed entry to the client during the persist 1003 phase. This is intentional as any specific maximum delay would be 1004 impossible to meet in a distributed directory service implementation. 1005 Server implementers are encouraged to minimize the delay before 1006 sending notifications to ensure that clients' needs for timeliness of 1007 change notification are met. 1009 5.5 Scaling Considerations 1011 Implementers of servers that support the mechanism described in this 1012 document should ensure that their implementation scales well as the 1013 number of active persistent operations and the number of changes made 1014 in the directory increases. Server implementers are also encouraged 1015 to support a large number of client connections if they need to 1016 support large numbers of persistent operations. 1018 5.6 Alias Dereferencing 1020 LCUP design does not consider issues associated with alias 1021 dereferencing in search. Clients MUST specify derefAliases as either 1022 neverDerefAliases or derefFindingBaseObj. Servers are to return 1023 protocolError if the client specifies either derefInSearching or 1024 derefAlways. 1026 6. Synchronizing Heterogeneous Data Stores 1028 Clients, like a meta directory join engine, synchronizing multiple 1029 writable data stores, will only work correctly if each piece of 1030 information comes from a single authoritative data source. In a 1031 replicated environment, an LCUP Context should employ the same 1032 conflict resolution scheme across all its replicas. This is because 1033 different systems have different notions of time and different update 1034 resolution procedures. As a result, a change applied on one system 1035 can be discarded by the other, thus preventing the data stores from 1036 converging. 1038 Security Considerations 1040 In some situations, it may be important to prevent general exposure 1041 of information about changes that occur in an LDAP server. 1042 Therefore, servers that implement the mechanism described in this 1043 document SHOULD provide a means to enforce access control on the 1044 entries returned and MAY also provide specific access control 1045 mechanisms to control the use of the controls and extended operations 1046 defined in this document. 1048 As with normal LDAP search requests, a malicious client can initiate 1049 a large number of persistent search requests in an attempt to consume 1050 all available server resources and deny service to legitimate 1051 clients. The protocol provides the means to stop malicious clients 1052 by disconnecting them from the server. The servers that implement the 1053 mechanism SHOULD provide the means to detect the malicious clients. 1054 In addition, the servers SHOULD provide the means to limit the number 1055 of resources that can be consumed by a single client. 1057 Normative References 1059 [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 1060 3", BCP 9, RFC 2026, October 1996. 1062 [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate 1063 Requirement Levels", BCP 14 (also RFC 2119), March 1997. 1065 [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory 1066 Access Protocol (v3)", RFC 2251, December 1997. 1068 [RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight 1069 Directory Access Protocol (v3): Attribute Syntax 1070 Definitions", RFC 2252, December 1997. 1072 [X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) - 1073 Specification of Basic Notation", X.680, 1994. 1075 [X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic, 1076 Canonical, and Distinguished Encoding Rules", X.690, 1077 1994. 1079 [CANCEL] K. Zeilenga, "LDAP Cancel Extended Operation", draft- 1080 zeilenga-ldap-cancel-xx.txt, a work in progress. 1082 [UUID] International Organization for Standardization (ISO), 1083 "Information technology - Open Systems Interconnection - 1084 Remote Procedure Call", ISO/IEC 11578:1996. 1086 Informative References 1088 [RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 also 1089 RFC 3383), September 2002. 1091 [RFC3384] E. Stokes, et. al., "LDAPv3 Replication Requirements", 1092 RFC3384, October 2002. 1094 [SUBENTRY] K. Zeilenga, S. Legg, "Subentries in LDAP", draft- 1095 zeilenga-ldap-subentry-xx.txt, a work in progress. 1097 [COLLECTIVE] K. Zeilenga, "Collective Attributes in LDAP", draft- 1098 zeilenga-ldap-collective-xx.txt, a work in progress. 1100 Acknowledgments 1102 The LCUP protocol is based in part on the Persistent Search Change 1103 Notification Mechanism defined by Mark Smith, Gordon Good, Tim Howes, 1104 and Rob Weltman, the LDAPv3 Triggered Search Control defined by Mark 1105 Wahl, and the LDAP Control for Directory Synchronization defined by 1106 Michael Armijo. The members of the IETF LDUP working group made 1107 significant contributions to this document. 1109 Author's Addresses 1111 Rich Megginson 1112 Netscape Communications Corp., an America Online company. 1114 360 W. Caribbean Drive 1115 Sunnyvale, CA 94089 1116 USA 1117 Phone: +1 505 797-7762 1118 Email: richm@netscape.com 1120 Olga Natkovich 1121 Yahoo, Inc. 1122 701 First Ave. 1123 Sunnyvale, CA 94089 1124 Phone: +1 408 349-6153 1125 Email: olgan@yahoo-inc.com 1127 Mark Smith 1128 Netscape Communications Corp., an America Online company. 1129 360 W. Caribbean Drive 1130 Sunnyvale, CA 94089 1131 USA 1132 Phone: +1 650 937-3477 1133 Email: mcs@netscape.com 1135 Jeff Parham 1136 Microsoft Corporation 1137 One Microsoft Way 1138 Redmond, WA 98052-6399 1139 Phone: +1 425 882-8080 1140 Email: jeffparh@microsoft.com 1142 Full Copyright Statement 1144 Copyright (C) The Internet Society (2002). All Rights Reserved. 1146 This document and translations of it may be copied and furnished to 1147 others, and derivative works that comment on or otherwise explain it 1148 or assist in its implementation may be prepared, copied, published 1149 and distributed, in whole or in part, without restriction of any 1150 kind, provided that the above copyright notice and this paragraph are 1151 included on all such copies and derivative works. However, this 1152 document itself may not be modified in any way, such as by removing 1153 the copyright notice or references to the Internet Society or other 1154 Internet organizations, except as needed for the purpose of 1155 developing Internet standards in which case the procedures for 1156 copyrights defined in the Internet Standards process must be 1157 followed, or as required to translate it into languages other than 1158 English. 1160 The limited permissions granted above are perpetual and will not be 1161 revoked by the Internet Society or its successors or assigns. 1163 This document and the information contained herein is provided on an 1164 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1165 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1166 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1167 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1168 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1170 Appendix - Features Left Out of LCUP 1172 There are several features present in other protocols or considered 1173 useful by clients that are currently not included in the protocol 1174 primarily because they are difficult to implement on the server. 1175 These features are briefly discussed in this section. 1177 Triggered Search Change Type 1179 This feature is present in the Triggered Search specification. A flag 1180 is attached to each entry returned to the client indicating the 1181 reason why this entry is returned. The possible reasons from the 1182 draft are 1183 - notChange: the entry existed in the directory and matched the 1184 search at the time the operation is being performed, 1185 - enteredSet: the entry entered the result, 1186 - leftSet: the entry left the result, 1187 - modified: the entry was part of the result set, was modified or 1188 renamed, and still is in the result set. 1190 The leftSet feature is particularly useful because it indicates to 1191 the client that an entry is no longer within the client's search 1192 specification and the client can remove the associated data from its 1193 data store. Ironically, this feature is the hardest to implement on 1194 the server because the server does not keep track of the client's 1195 state and has no easy way of telling which entries moved out of scope 1196 between synchronization sessions with the client. A compromise could 1197 be reached by only providing this feature for the operations that 1198 occur while the client is connected to the server. This is easier to 1199 accomplish because the decision about the change type can be made 1200 based only on the change without need for any historical information. 1201 This, however, would add complexity to the protocol. 1203 Persistent Search Change Type 1205 This feature is present in the Persistent Search specification. 1206 Persistent search has the notion of changeTypes. The client specifies 1207 which type of updates will cause entries to be returned, and 1208 optionally whether the server tags each returned entry with the type 1209 of change that caused that entry to be returned. 1211 For LCUP, the intention is full synchronization, not partial. Each 1212 entry returned by an LCUP search will have some change associated 1213 with it that may concern the client. The client may have to have a 1214 local index of entries by DN or UUID to determine if the entry has 1215 been added or just modified. It is easy for clients to determine if 1216 the entry has been deleted because the entryLeftSet value of the Sync 1217 Update control will be TRUE. 1219 Sending Changes 1221 Some earlier synchronization protocols sent the client(s) only the 1222 modified attributes of the entry rather than the entire entry. While 1223 this approach can significantly reduce the amount of data returned to 1224 the client, it has several disadvantages. First, unless a separate 1225 mechanism (like the change type described above) is used to notify 1226 the client about entries moving into the search scope, sending only 1227 the changes can result in the client having an incomplete version of 1228 the data. Let's consider an example. An attribute of an entry is 1229 modified. As a result of the change, the entry enters the scope of 1230 the client's search. If only the changes are sent, the client would 1231 never see the initial data of the entry. Second, this feature is hard 1232 to implement since the server might not contain sufficient 1233 information to construct the changes based solely on the server's 1234 state and the client's cookie. On the other hand, this feature can be 1235 easily implemented by the client assuming that the client has the 1236 previous version of the data and can perform value by value 1237 comparisons. 1239 Data Size Limits 1241 Some earlier synchronization protocols allowed clients to control the 1242 amount of data sent to them in the search response. This feature was 1243 intended to allow clients with limited resources to process 1244 synchronization data in batches. However, an LDAP search operation 1245 already provides the means for the client to specify the size limit 1246 by setting the sizeLimit field in the SearchRequest to the maximum 1247 number of entries the client is willing to receive. While the 1248 granularity is not the same, the assumption is that regular LDAP 1249 clients that can deal with the limitations of the LDAP protocol will 1250 implement LCUP. 1252 Data Ordering 1254 Some earlier synchronization protocols allowed a client to specify 1255 that parent entries should be sent before the children for add 1256 operations and children entries sent before their parents during 1257 delete operations. This ordering helps clients to maintain a 1258 hierarchical view of the data in their data store. While possibly 1259 useful, this feature is relatively hard to implement and is expensive 1260 to perform.