idnits 2.17.1 draft-zeilenga-ldap-noop-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 218 has weird spacing: '...for the purpo...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (30 June 2003) is 7606 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) ** Obsolete normative reference: RFC 3377 (Obsoleted by RFC 4510) -- Obsolete informational reference (is this intentional?): RFC 3383 (Obsoleted by RFC 4520) Summary: 6 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT Kurt D. Zeilenga 3 Intended Category: Standard Track OpenLDAP Foundation 4 Expires in six months 30 June 2003 6 The LDAP No-Op Control 7 9 Status of this Memo 11 This document is an Internet-Draft and is in full conformance with all 12 provisions of Section 10 of RFC2026. 14 This document is intended to be, after appropriate review and 15 revision, submitted to the IESG for consideration as a Standard Track 16 document. Distribution of this memo is unlimited. Technical 17 discussion of this document will take place on the IETF LDAP 18 Extensions Working Group mailing list . Please send 19 editorial comments directly to the author . 21 Internet-Drafts are working documents of the Internet Engineering Task 22 Force (IETF), its areas, and its working groups. Note that other 23 groups may also distribute working documents as Internet-Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as ``work in progress.'' 29 The list of current Internet-Drafts can be accessed at 30 . The list of 31 Internet-Draft Shadow Directories can be accessed at 32 . 34 Copyright (C) The Internet Society (2003). All Rights Reserved. 36 Please see the Full Copyright section near the end of this document 37 for more information. 39 Abstract 41 This document defines the Lightweight Directory Access Protocol (LDAP) 42 No-Op control which can be used to disable the normal effect of an 43 operation. The control can be used to discover how a server might 44 react to a particular update request without updating the directory. 46 1. Overview 48 It is often desirable to be able to determine if a directory [X.500] 49 operation would successful complete or not without having the normal 50 effect of the operation take place. For example, an administrative 51 client might want to verify that new user could update their entry 52 (and not other entries) without the directory actually being updated. 53 The mechanism could be used to build more sophisticated security 54 auditing tools. 56 This document defines the Lightweight Directory Access Protocol (LDAP) 57 [RFC3377] No-Op control. The presence of the No-Op control in an 58 operation request message disables the normal effect of the operation. 60 For example, when present in a LDAP modify operation [RFC2251], the 61 modify operation will do all processing necessary to perform the 62 operation but not actually modify the directory. 64 The No-Op control is not intended to be used by user clients to 65 determine "effective rights". 67 1.1. Terminology 69 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 70 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 71 document are to be interpreted as described in BCP 14 [RFC2119]. 73 DN stands for Distinguished Name. 74 DSA stands for Directory System Agent. 75 DSE stands for DSA-specific entry. 77 2. No-Op Control 79 The No-Op control is an LDAP Control [RFC2251] whose controlType is 80 1.3.6.1.4.1.4203.1.10.2, criticality is TRUE, and controlValue is 81 absent. Criticality of TRUE is REQUIRED to prevent unintended 82 modification of the directory. There is no corresponding response 83 control. 85 The control is appropriate for LDAP Add, Delete, Modify and ModifyDN 86 operations [RFC2251]. 88 When the control is attached to an LDAP request, the server SHALL do 89 all normal processing possible for the operation without modification 90 of the directory. That is, when the control is attached to an LDAP 91 request, that operation SHALL NOT return success (0). 93 A result code other than noOperation (TBD) means that the server is 94 not able or willing to complete the processing for the reasons 95 indicated by the result code. A result code of noOperation (TBD) 96 indicates that the server found no reason why the operation would fail 97 if submitted without the No-Op control. 99 Servers SHOULD indicate their support for this control by providing 100 1.3.6.1.4.1.4203.1.10.2 as a value of the supportedControl attribute 101 type in their root DSE entry. A server MAY choose to advertise this 102 extension only when the client is authorized to use this operation. 104 3. Security Considerations 106 The No-Op control mechanism allows directory administrators (and 107 users) to verify that access control and other administrative policy 108 controls are properly configured. The mechanism may also lead to the 109 development (and deployment) of more sophisticated security auditing 110 tools. 112 The No-Op control mechanism is believed not to introduce any security 113 risks beyond those of the base operation it is attached to. Security 114 considerations for the base operations, as well as general LDAP 115 security considerations, are discussed in RFCs comprising the LDAP 116 Technical Specification [RFC3377]. 118 4. IANA Considerations 120 4.1 LDAP Protocol Mechanism 122 Registration of this protocol mechanism is requested [RFC3383]. 124 Subject: Request for LDAP Protocol Mechanism Registration 125 Object Identifier: 1.3.6.1.4.1.4203.1.10.2 126 Description: No-Op Control 127 Person & email address to contact for further information: 128 Kurt Zeilenga 129 Usage: Control 130 Specification: RFC XXXX 131 Author/Change Controller: IESG 132 Comments: none 134 This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its 135 IANA-assigned private enterprise allocation [PRIVATE], for use in this 136 specification. 138 4.2 LDAP Result Code 140 Assignment of an LDAP Result Code called 'noOperation' is requested. 142 Subject: LDAP Result Code Registration 143 Person & email address to contact for further information: 144 Kurt Zeilenga 145 Result Code Name: noOperation 146 Specification: RFC XXXX 147 Author/Change Controller: IESG 148 Comments: none 150 5. Author's Address 152 Kurt D. Zeilenga 153 OpenLDAP Foundation 154 156 6. Normative References 158 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 159 Requirement Levels", BCP 14 (also RFC 2119), March 1997. 161 [RFC2251] Wahl, M., T. Howes and S. Kille, "Lightweight Directory 162 Access Protocol (v3)", RFC 2251, December 1997. 164 [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access 165 Protocol (v3): Technical Specification", RFC 3377, 166 September 2002. 168 7. Informative References 170 [X.500] International Telecommunication Union - 171 Telecommunication Standardization Sector, "The Directory 172 -- Overview of concepts, models and services," 173 X.500(1993) (also ISO/IEC 9594-1:1994). 175 [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64 176 (also RFC 3383), September 2002. 178 [ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations", 179 http://www.openldap.org/foundation/oid-delegate.txt. 181 [PRIVATE] IANA, "Private Enterprise Numbers", 182 http://www.iana.org/assignments/enterprise-numbers. 184 Intellectual Property Rights 186 The IETF takes no position regarding the validity or scope of any 187 intellectual property or other rights that might be claimed to pertain 188 to the implementation or use of the technology described in this 189 document or the extent to which any license under such rights might or 190 might not be available; neither does it represent that it has made any 191 effort to identify any such rights. Information on the IETF's 192 procedures with respect to rights in standards-track and 193 standards-related documentation can be found in BCP-11. Copies of 194 claims of rights made available for publication and any assurances of 195 licenses to be made available, or the result of an attempt made to 196 obtain a general license or permission for the use of such proprietary 197 rights by implementors or users of this specification can be obtained 198 from the IETF Secretariat. 200 The IETF invites any interested party to bring to its attention any 201 copyrights, patents or patent applications, or other proprietary 202 rights which may cover technology that may be required to practice 203 this standard. Please address the information to the IETF Executive 204 Director. 206 Full Copyright 208 Copyright (C) The Internet Society (2003). All Rights Reserved. 210 This document and translations of it may be copied and furnished to 211 others, and derivative works that comment on or otherwise explain it 212 or assist in its implmentation may be prepared, copied, published and 213 distributed, in whole or in part, without restriction of any kind, 214 provided that the above copyright notice and this paragraph are 215 included on all such copies and derivative works. However, this 216 document itself may not be modified in any way, such as by removing 217 the copyright notice or references to the Internet Society or other 218 Internet organizations, except as needed for the purpose of 219 developing Internet standards in which case the procedures for 220 copyrights defined in the Internet Standards process must be followed, 221 or as required to translate it into languages other than English.