INTERNET-DRAFT Michael P. Armijo <draft-armijo-ldap-control-error-02.txt> Microsoft Corporation September, 2001 Asaf Kashi Microsoft Corporation Result Code for LDAP Controls Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Distribution of this memo is unlimited. It is filed as <draft- armijo-ldap-control-error-02.txt>, and expires March, 2001. Please send comments to the author. Abstract The purpose of this document is to create a new result code specific to LDAP controls and to define guidelines for the use of this result code. 1. Background and Intended Usage LDAPv3 [1] allows for the extension of the protocol through the use of controls. These controls allow existing operations to be enhanced to provide additional functionality for directory operations. Complex controls are being established that are bringing up error conditions not anticipated in the LDAPv3 specifications. Armijo Standards Track 1 Result Code for LDAP Controls August 2001 This document provides a result code that can be used to signify a control specific error. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [2]. 2. The LDAP Control Result Code The LDAPResult construct as defined in section 4.1.10 of RFC 2251 [1] includes a list of valid result codes. The LDAPResult construct is repeated here for readability: LDAPResult ::= SEQUENCE { resultCode ENUMERATED { success (0), operationsError (1), protocolError (2), timeLimitExceeded (3), sizeLimitExceeded (4), compareFalse (5), compareTrue (6), authMethodNotSupported (7), strongAuthRequired (8), -- 9 reserved -- referral (10), -- new adminLimitExceeded (11), -- new unavailableCriticalExtension (12), -- new confidentialityRequired (13), -- new saslBindInProgress (14), -- new noSuchAttribute (16), undefinedAttributeType (17), inappropriateMatching (18), constraintViolation (19), attributeOrValueExists (20), invalidAttributeSyntax (21), -- 22-31 unused -- noSuchObject (32), aliasProblem (33), invalidDNSyntax (34), -- 35 reserved for undefined isLeaf -- aliasDereferencingProblem (36), -- 37-47 unused -- inappropriateAuthentication (48), invalidCredentials (49), insufficientAccessRights (50), busy (51), unavailable (52), unwillingToPerform (53), loopDetect (54), -- 55-63 unused -- namingViolation (64), Armijo Standards Track 2 Result Code for LDAP Controls August 2001 objectClassViolation (65), notAllowedOnNonLeaf (66), notAllowedOnRDN (67), entryAlreadyExists (68), objectClassModsProhibited (69), -- 70 reserved for CLDAP -- affectsMultipleDSAs (71), -- new -- 72-79 unused -- other (80) }, -- 81-90 reserved for APIs -- matchedDN LDAPDN, errorMessage LDAPString, referral [3] Referral OPTIONAL } This document adds another valid result code, controlError(76). 3. Use of the LDAP Control Result Code The controlError MUST be defined in any control specification that makes use of the result code. The scenario of when the controlError result code may be returned and the exact behavior of the client with particular controls MUST be defined in any control specification that refers to this result code. The controlError result code can be returned when an operation has failed due to an error caused by an attached control. The controlError SHOULD NOT be used to represent any condition that can be defined using any existing result code in RFC 2251. The controlError result code MAY be defined in control specifications to signify that the client should parse an embedded result code for additional control specific results. 4. Security Considerations This document defines an extension to RFC 2251 [1] and has the same security issues. See the security considerations section in [1] for more details. 5. References [1] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access Protocol(v3)", RFC 2251, December 1997. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997 Armijo Standards Track 3 Result Code for LDAP Controls August 2001 6. Authors Address Asaf Kashi One Microsoft Way Redmond, WA 98052 asafk@microsoft.com Michael P. Armijo One Microsoft Way Redmond, WA 98052 micharm@microsoft.com Expires March, 2002 Armijo Standards Track 4
Datatracker
Report a datatracker bug
draft-armijo-ldap-control-error-02
Internet-Draft
| Document | Document type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Expired & archived
|
|
|---|---|---|---|
| Select version | |||
| Compare versions | |||
| Author | |||
| RFC stream |
|
||
| Other formats |