idnits 2.17.1 

draft-zeilenga-ldap-noop-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 232 has weird spacing: '...for the  purpo...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (25 October 2003) is 7488 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'U12' is mentioned on line 73, but not defined

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 3377 (Obsoleted by RFC 4510)

  -- Obsolete informational reference (is this intentional?): RFC 3383
     (Obsoleted by RFC 4520)


     Summary: 6 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET-DRAFT                                      Kurt D. Zeilenga
3	Intended Category: Standard Track                OpenLDAP Foundation
4	Expires in six months                                25 October 2003

6	                          The LDAP No-Op Control
7	                    <draft-zeilenga-ldap-noop-03.txt>

9	Status of this Memo

11	  This document is an Internet-Draft and is in full conformance with all
12	  provisions of Section 10 of RFC2026.

14	  This document is intended to be, after appropriate review and
15	  revision, submitted to the IESG for consideration as a Standard Track
16	  document.  Distribution of this memo is unlimited.  Technical
17	  discussion of this document will take place on the IETF LDAP
18	  Extensions mailing list <ldapext@ietf.org>.  Please send editorial
19	  comments directly to the author <Kurt@OpenLDAP.org>.

21	  Internet-Drafts are working documents of the Internet Engineering Task
22	  Force (IETF), its areas, and its working groups.  Note that other
23	  groups may also distribute working documents as Internet-Drafts.
24	  Internet-Drafts are draft documents valid for a maximum of six months
25	  and may be updated, replaced, or obsoleted by other documents at any
26	  time.  It is inappropriate to use Internet-Drafts as reference
27	  material or to cite them other than as ``work in progress.''

29	  The list of current Internet-Drafts can be accessed at
30	  <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
31	  Internet-Draft Shadow Directories can be accessed at
32	  <http://www.ietf.org/shadow.html>.

34	  Copyright (C) The Internet Society (2003).  All Rights Reserved.

36	  Please see the Full Copyright section near the end of this document
37	  for more information.

39	Abstract

41	  This document defines the Lightweight Directory Access Protocol (LDAP)
42	  No-Op control which can be used to disable the normal effect of an
43	  operation.  The control can be used to discover how a server might
44	  react to a particular update request without updating the directory.

46	1.  Overview

48	  It is often desirable to be able to determine if a directory [X.500]
49	  operation would successful complete or not without having the normal
50	  effect of the operation take place.  For example, an administrative
51	  client might want to verify that new user could update their entry
52	  (and not other entries) without the directory actually being updated.
53	  The mechanism could be used to build more sophisticated security
54	  auditing tools.

56	  This document defines the Lightweight Directory Access Protocol (LDAP)
57	  [RFC3377] No-Op control.  The presence of the No-Op control in an
58	  operation request message disables the normal effect upon the
59	  directory which operation would otherwise have.  Instead of updating
60	  the directory and return the normal indication of success, the server
61	  does not update the directory and indicates so by returning the
62	  noOperation resultCode (introduced below).

64	  For example, when the No-Op control is present in a LDAP modify
65	  operation [RFC2251], the server is do all processing necessary to
66	  perform the operation without actually updating the directory.  If it
67	  detects an error during this processing, it returns a non-success
68	  (other than noOperation) resultCode as it normally would.  Otherwise,
69	  it returns the noOperation.  In either case, the directory is left
70	  unchanged.

72	  This No-Op control is not intended to be to a "effective access"
73	  mechanism [RFC2820, U12].

75	1.1.  Terminology

77	  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
78	  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
79	  document are to be interpreted as described in BCP 14 [RFC2119].

81	  DN stands for Distinguished Name.
82	  DSA stands for Directory System Agent.
83	  DSE stands for DSA-specific entry.

85	2.  No-Op Control

87	  The No-Op control is an LDAP Control [RFC2251] whose controlType is
88	  IANA-ASSIGNED-OID, criticality is TRUE, and controlValue is absent.
89	  Criticality of TRUE is REQUIRED to prevent unintended modification of
90	  the directory.  There is no corresponding response control.

92	  The control is appropriate for LDAP Add, Delete, Modify and ModifyDN
93	  operations [RFC2251].

95	  When the control is attached to an LDAP request, the server does all
96	  normal processing possible for the operation without modification of
97	  the directory.  That is, when the control is attached to an LDAP
98	  request, the directory SHALL NOT be updated and the response SHALL NOT
99	  have a resultCode of success (0).

101	  A result code other than noOperation (IANA-ASSIGNED-CODE) means that
102	  the server is not able or willing to complete the processing for the
103	  reason indicated by the result code.  A result code of noOperation
104	  (TBD) indicates that the server discovered no reason why the operation
105	  would fail if submitted without the No-Op control.

107	  Servers SHOULD indicate their support for this control by providing
108	  IANA-ASSIGNED-OID as a value of the 'supportedControl' attribute type
109	  in their root DSE entry.  A server MAY choose to advertise this
110	  extension only when the client is authorized to use this operation.

112	3.  Security Considerations

114	  The No-Op control mechanism allows directory administrators and users
115	  to verify that access control and other administrative policy controls
116	  are properly configured.  The mechanism may also lead to the
117	  development (and deployment) of more effective security auditing
118	  tools.

120	  The No-Op control mechanism is believed not to introduce any security
121	  risks beyond those of the base operation it is attached to.  Security
122	  considerations for the base operations, as well as general LDAP
123	  security considerations, are discussed in RFCs comprising the LDAP
124	  Technical Specification [RFC3377].

126	4.  IANA Considerations

128	4.1.  Object Identifier

130	  It is requested that IANA assign an LDAP Object Identifier [RFC3383]
131	  to identify the LDAP No-Op Control defined in this document.

133	      Subject: Request for LDAP Object Identifier Registration
134	      Person & email address to contact for further information:
135	          Kurt Zeilenga <kurt@OpenLDAP.org>
136	      Specification: RFC XXXX
137	      Author/Change Controller: IESG
138	      Comments:
139	          Identifies the LDAP No-Op Control

141	4.2  LDAP Protocol Mechanism

143	  Registration of this protocol mechanism is requested [RFC3383].

145	  Subject: Request for LDAP Protocol Mechanism Registration
146	  Object Identifier: IANA-ASSIGNED-OID
147	  Description: No-Op Control
148	  Person & email address to contact for further information:
149	      Kurt Zeilenga <kurt@openldap.org>
150	  Usage: Control
151	  Specification: RFC XXXX
152	  Author/Change Controller: IESG
153	  Comments: none

155	4.3  LDAP Result Code

157	  Assignment of an LDAP Result Code called 'noOperation' is requested.

159	      Subject: LDAP Result Code Registration
160	      Person & email address to contact for further information:
161	          Kurt Zeilenga <kurt@OpenLDAP.org>
162	      Result Code Name: noOperation
163	      Specification: RFC XXXX
164	      Author/Change Controller: IESG
165	      Comments:  none

167	5.  Author's Address

169	  Kurt D. Zeilenga
170	  OpenLDAP Foundation
171	  <Kurt@OpenLDAP.org>

173	6. Normative References

175	  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
176	                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

178	  [RFC2251]     Wahl, M., T. Howes and S. Kille, "Lightweight Directory
179	                Access Protocol (v3)", RFC 2251, December 1997.

181	  [RFC3377]     Hodges, J. and R. Morgan, "Lightweight Directory Access
182	                Protocol (v3): Technical Specification", RFC 3377,
183	                September 2002.

185	7. Informative References

187	  [X.500]       International Telecommunication Union -
188	                Telecommunication Standardization Sector, "The Directory
189	                -- Overview of concepts, models and services,"
190	                X.500(1993) (also ISO/IEC 9594-1:1994).

192	  [RFC2820]     Stokes, E., et. al., "Access Control Requirements for
193	                LDAP", RFC 2820, May 2000.

195	  [RFC3383]     Zeilenga, K., "IANA Considerations for LDAP", BCP 64
196	                (also RFC 3383), September 2002.

198	Intellectual Property Rights

200	  The IETF takes no position regarding the validity or scope of any
201	  intellectual property or other rights that might be claimed to pertain
202	  to the implementation or use of the technology described in this
203	  document or the extent to which any license under such rights might or
204	  might not be available; neither does it represent that it has made any
205	  effort to identify any such rights.  Information on the IETF's
206	  procedures with respect to rights in standards-track and
207	  standards-related documentation can be found in BCP-11.  Copies of
208	  claims of rights made available for publication and any assurances of
209	  licenses to be made available, or the result of an attempt made to
210	  obtain a general license or permission for the use of such proprietary
211	  rights by implementors or users of this specification can be obtained
212	  from the IETF Secretariat.

214	  The IETF invites any interested party to bring to its attention any
215	  copyrights, patents or patent applications, or other proprietary
216	  rights which may cover technology that may be required to practice
217	  this standard.  Please address the information to the IETF Executive
218	  Director.

220	Full Copyright

222	  Copyright (C) The Internet Society (2003). All Rights Reserved.

224	  This document and translations of it may be copied and furnished to
225	  others, and derivative works that comment on or otherwise explain it
226	  or assist in its implmentation may be prepared, copied, published and
227	  distributed, in whole or in part, without restriction of any kind,
228	  provided that the above copyright notice and this paragraph are
229	  included on all such copies and derivative works.  However, this
230	  document itself may not be modified in any way, such as by removing
231	  the copyright notice or references to the Internet Society or other
232	  Internet organizations, except as needed for the  purpose of
233	  developing Internet standards in which case the procedures for
234	  copyrights defined in the Internet Standards process must be followed,
235	  or as required to translate it into languages other than English.