idnits 2.17.1 

draft-zeilenga-ldap-noop-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 233 has weird spacing: '...for the  purpo...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (3 February 2004) is 7388 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'U12' is mentioned on line 73, but not defined

  ** Obsolete normative reference: RFC 2251 (Obsoleted by RFC 4510, RFC 4511,
     RFC 4512, RFC 4513)

  ** Obsolete normative reference: RFC 3377 (Obsoleted by RFC 4510)

  -- Obsolete informational reference (is this intentional?): RFC 3383
     (Obsoleted by RFC 4520)


     Summary: 6 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	INTERNET-DRAFT                                      Kurt D. Zeilenga
3	Intended Category: Standard Track                OpenLDAP Foundation
4	Expires in six months                                3 February 2004

6	                          The LDAP No-Op Control
7	                    <draft-zeilenga-ldap-noop-04.txt>

9	Status of this Memo

11	  This document is an Internet-Draft and is in full conformance with all
12	  provisions of Section 10 of RFC2026.

14	  This document is intended to be, after appropriate review and
15	  revision, submitted to the IESG for consideration as a Standard Track
16	  document.  Distribution of this memo is unlimited.  Technical
17	  discussion of this document will take place on the IETF LDAP
18	  Extensions mailing list <ldapext@ietf.org>.  Please send editorial
19	  comments directly to the author <Kurt@OpenLDAP.org>.

21	  Internet-Drafts are working documents of the Internet Engineering Task
22	  Force (IETF), its areas, and its working groups.  Note that other
23	  groups may also distribute working documents as Internet-Drafts.
24	  Internet-Drafts are draft documents valid for a maximum of six months
25	  and may be updated, replaced, or obsoleted by other documents at any
26	  time.  It is inappropriate to use Internet-Drafts as reference
27	  material or to cite them other than as ``work in progress.''

29	  The list of current Internet-Drafts can be accessed at
30	  <http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
31	  Internet-Draft Shadow Directories can be accessed at
32	  <http://www.ietf.org/shadow.html>.

34	  Copyright (C) The Internet Society (2004).  All Rights Reserved.

36	  Please see the Full Copyright section near the end of this document
37	  for more information.

39	Abstract

41	  This document defines the Lightweight Directory Access Protocol (LDAP)
42	  No-Op control which can be used to disable the normal effect of an
43	  operation.  The control can be used to discover how a server might
44	  react to a particular update request without updating the directory.

46	1.  Overview

48	  It is often desirable to be able to determine if a directory operation
49	  [RFC2251] would successful complete or not without having the normal
50	  effect of the operation take place.  For example, an administrative
51	  client might want to verify that new user could update their entry
52	  (and not other entries) without the directory actually being updated.
53	  The mechanism could be used to build more sophisticated security
54	  auditing tools.

56	  This document defines the Lightweight Directory Access Protocol (LDAP)
57	  [RFC3377] No-Op control.  The presence of the No-Op control in an
58	  operation request message disables the normal effect upon the
59	  directory which operation would otherwise have.  Instead of updating
60	  the directory and return the normal indication of success, the server
61	  does not update the directory and indicates so by returning the
62	  noOperation resultCode (introduced below).

64	  For example, when the No-Op control is present in a LDAP modify
65	  operation [RFC2251], the server is do all processing necessary to
66	  perform the operation without actually updating the directory.  If it
67	  detects an error during this processing, it returns a non-success
68	  (other than noOperation) resultCode as it normally would.  Otherwise,
69	  it returns the noOperation.  In either case, the directory is left
70	  unchanged.

72	  This No-Op control is not intended to be to an "effective access"
73	  mechanism [RFC2820, U12].

75	1.1.  Terminology

77	  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
78	  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
79	  document are to be interpreted as described in BCP 14 [RFC2119].

81	  DN stands for Distinguished Name.
82	  DSA stands for Directory System Agent.
83	  DSE stands for DSA-specific entry.

85	2.  No-Op Control

87	  The No-Op control is an LDAP Control [RFC2251] whose controlType is
88	  IANA-ASSIGNED-OID and controlValue is absent.  Clients MUST provide a
89	  criticality value of TRUE to prevent unintended modification of the
90	  directory.

92	  The control is appropriate for request messages of LDAP Add, Delete,
93	  Modify and ModifyDN operations [RFC2251].  There is no corresponding
94	  response control.

96	  When the control is attached to an LDAP request, the server does all
97	  normal processing possible for the operation without modification of
98	  the directory.  That is, when the control is attached to an LDAP
99	  request, the directory SHALL NOT be updated and the response SHALL NOT
100	  have a resultCode of success (0).

102	  A result code other than noOperation (IANA-ASSIGNED-CODE) means that
103	  the server is not able or willing to complete the processing for the
104	  reason indicated by the result code.  A result code of noOperation
105	  (IANA-ASSIGNED-CODE) indicates that the server discovered no reason
106	  why the operation would fail if submitted without the No-Op control.

108	  Servers SHOULD indicate their support for this control by providing
109	  IANA-ASSIGNED-OID as a value of the 'supportedControl' attribute type
110	  in their root DSE entry.  A server MAY choose to advertise this
111	  extension only when the client is authorized to use this operation.

113	3.  Security Considerations

115	  The No-Op control mechanism allows directory administrators and users
116	  to verify that access control and other administrative policy controls
117	  are properly configured.  The mechanism may also lead to the
118	  development (and deployment) of more effective security auditing
119	  tools.

121	  The No-Op control mechanism is believed not to introduce any security
122	  risks beyond those of the base operation it is attached to.  Security
123	  considerations for the base operations, as well as general LDAP
124	  security considerations, are discussed in RFCs comprising the LDAP
125	  Technical Specification [RFC3377].

127	4.  IANA Considerations

129	4.1.  Object Identifier

131	  It is requested that IANA assign an LDAP Object Identifier [RFC3383]
132	  to identify the LDAP No-Op Control defined in this document.

134	      Subject: Request for LDAP Object Identifier Registration
135	      Person & email address to contact for further information:
136	          Kurt Zeilenga <kurt@OpenLDAP.org>
137	      Specification: RFC XXXX
138	      Author/Change Controller: IESG
139	      Comments:
140	          Identifies the LDAP No-Op Control

142	4.2  LDAP Protocol Mechanism

144	  Registration of this protocol mechanism is requested [RFC3383].

146	  Subject: Request for LDAP Protocol Mechanism Registration
147	  Object Identifier: IANA-ASSIGNED-OID
148	  Description: No-Op Control
149	  Person & email address to contact for further information:
150	      Kurt Zeilenga <kurt@openldap.org>
151	  Usage: Control
152	  Specification: RFC XXXX
153	  Author/Change Controller: IESG
154	  Comments: none

156	4.3  LDAP Result Code

158	  Assignment of an LDAP Result Code called 'noOperation' is requested.

160	      Subject: LDAP Result Code Registration
161	      Person & email address to contact for further information:
162	          Kurt Zeilenga <kurt@OpenLDAP.org>
163	      Result Code Name: noOperation
164	      Specification: RFC XXXX
165	      Author/Change Controller: IESG
166	      Comments:  none

168	5.  Author's Address

170	  Kurt D. Zeilenga
171	  OpenLDAP Foundation
172	  <Kurt@OpenLDAP.org>

174	6. Normative References

176	  [RFC2119]     Bradner, S., "Key words for use in RFCs to Indicate
177	                Requirement Levels", BCP 14 (also RFC 2119), March 1997.

179	  [RFC2251]     Wahl, M., T. Howes and S. Kille, "Lightweight Directory
180	                Access Protocol (v3)", RFC 2251, December 1997.

182	  [RFC3377]     Hodges, J. and R. Morgan, "Lightweight Directory Access
183	                Protocol (v3): Technical Specification", RFC 3377,
184	                September 2002.

186	7. Informative References

188	  [X.500]       International Telecommunication Union -
189	                Telecommunication Standardization Sector, "The Directory
190	                -- Overview of concepts, models and services,"
191	                X.500(1993) (also ISO/IEC 9594-1:1994).

193	  [RFC2820]     Stokes, E., et. al., "Access Control Requirements for
194	                LDAP", RFC 2820, May 2000.

196	  [RFC3383]     Zeilenga, K., "IANA Considerations for LDAP", BCP 64
197	                (also RFC 3383), September 2002.

199	Intellectual Property Rights

201	  The IETF takes no position regarding the validity or scope of any
202	  intellectual property or other rights that might be claimed to pertain
203	  to the implementation or use of the technology described in this
204	  document or the extent to which any license under such rights might or
205	  might not be available; neither does it represent that it has made any
206	  effort to identify any such rights.  Information on the IETF's
207	  procedures with respect to rights in standards-track and
208	  standards-related documentation can be found in BCP-11.  Copies of
209	  claims of rights made available for publication and any assurances of
210	  licenses to be made available, or the result of an attempt made to
211	  obtain a general license or permission for the use of such proprietary
212	  rights by implementors or users of this specification can be obtained
213	  from the IETF Secretariat.

215	  The IETF invites any interested party to bring to its attention any
216	  copyrights, patents or patent applications, or other proprietary
217	  rights which may cover technology that may be required to practice
218	  this standard.  Please address the information to the IETF Executive
219	  Director.

221	Full Copyright

223	  Copyright (C) The Internet Society (2004). All Rights Reserved.

225	  This document and translations of it may be copied and furnished to
226	  others, and derivative works that comment on or otherwise explain it
227	  or assist in its implementation may be prepared, copied, published and
228	  distributed, in whole or in part, without restriction of any kind,
229	  provided that the above copyright notice and this paragraph are
230	  included on all such copies and derivative works.  However, this
231	  document itself may not be modified in any way, such as by removing
232	  the copyright notice or references to the Internet Society or other
233	  Internet organizations, except as needed for the  purpose of
234	  developing Internet standards in which case the procedures for
235	  copyrights defined in the Internet Standards process must be followed,
236	  or as required to translate it into languages other than English.