INTERNET-DRAFT Kurt D. Zeilenga
Intended Category: Experimental OpenLDAP Foundation
Expires in six months 4 November 2002
LDAP Transactions
<draft-zeilenga-ldap-txn-05.txt>
Status of Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as an Experimental document.
Distribution of this memo is unlimited. Technical discussion of this
document will take place on the IETF LDAP Extension Working Group
mailing list <ldapext@ietf.org>. Please send editorial comments
directly to the author <Kurt@OpenLDAP.org>.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright 2002, The Internet Society. All Rights Reserved.
Please see the Copyright section near the end of this document for
more information.
Abstract
Lightweight Directory Access Protocol (LDAP) update operations have
atomic properties upon individual entries. However, it is often
desirable to update two or more entries as one atomic action, a
transaction. Transactions are necessary to support a number of
applications including resource provisioning and information
replication. This document defines an LDAP extension to support
Zeilenga LDAP Transactions [Page 1]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
transactions.
Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
Protocol elements are described using ASN.1 [X.680]. The term
"BER-encoded" means the element is to be encoded using the Basic
Encoding Rules [X.690] under the restrictions detailed in Section 5.1
of [RFC2251].
1. Overview
This document extends LDAP [RFC3377] to allow clients to group a
number of related update operations [RFC2251] and have them preformed
as one atomic action, a transaction. This extension uses the
grouping mechanism provided by [GROUP] to relate operations of the
transaction. The createGrouping operation is used to obtain a group
cookie which is used to identify operations which are apart of the
transaction. The group cookie can be viewed as a transaction
identifier. The endGrouping operation is used to settle (commit or
abort) the transaction.
This specification will likely be significantly enhanced before it
progressed. In particular, clarification of transaction semantics and
better error handling will likely be added. A ''prepare'' capability
may also be added.
2. Specification of a Transaction
Servers implementing this specification SHOULD publish the
transactionGroupingType as a value of the 'supportedGroupingTypes'
attribute contained within the Root DSE.
transactionGroupingType ::= IANA-ASSIGNED-OID
A client wishing to preform a transaction MUST issue a
createGroupingRequest with a createGroupType of
transactionGroupingType and no createGroupValue. A server which is
willing and able to support transactions SHALL return a
createGroupingResponse with a success result code, a
createGroupCookie, and no createGroupValue. Otherwise the server
SHALL return a non-success result code, no createGroupCookie, and no
Zeilenga LDAP Transactions [Page 2]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
createGroupValue.
The client MAY then attach a GroupingControl to subsequent update
operations (modify or moddn) to indicate that they are to be processed
as part of the transaction per [GROUP], Section 3.5. If the server is
willing and able to attempt to process operation as part of the
transaction, the server SHALL return success. If the server is
unwilling or unable to attempt to process the operation as part of the
transaction, the server SHALL return a non-successful result code.
If the server becomes unwilling or unable to continue the
specification of a transaction, the server SHOULD issue a
endGroupNotice. Any future use of cookie by the client SHALL result
in a response containing a non-success result code.
Upon receipt of a endGroupingNotice, the client SHOULD discontinue all
use of the grouping cookie. The client SHOULD NOT issue an
endGroupingRequest for the grouping cookie as the transaction is null
and void.
A client requests settling of transaction by issuing an
endGroupingRequest where the groupingCookie is the group cookie
identify the transaction. The absence of any endGroupingValue
indicates a commit request. The presence of an empty endGroupValue
indicates an abort request. The endGroupValue MUST be empty if
provided.
The endGroupingResponse of success indicates the settle action was
successfully. No endGroupingValue is provided with the
endGroupingResponse.
3. Transaction Semantics
Upon request to commit the transaction, the server perform the
operations as one atomic action. Operations belonging to the
transaction are applied in the request order. If any operation fails,
the contents of target objects is left unchanged and a non-success
result code is returned indicating the nature of the failure.
There is no requirement that a server serialize transactions. That
is, a server MAY process multiple transactions commit requests (from
one or more clients) acting upon different sets of entries
concurrently. A server MUST ensure concurrent processing of
transactions provides the atomic properties described above. A server
MUST avoid deadlock.
Zeilenga LDAP Transactions [Page 3]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
4. Distributed Directory Considerations
The LDAP/X.500 models provide for distributed directory operations
including server-side chaining and client-side chasing of operations.
This document does not disallow servers from chaining operations which
are part of a transaction. However, if a server does allow such
chaining, it MUST ensure that transaction semantics detailed above are
provided.
This mechanism defined by this document does not support client-side
chasing. Grouping cookies used to identify the transaction are
specific to a particular client/server session.
The LDAP/X.500 models provide for a single-master/multiple-slave
replication architecture. This document states no requirement that
changes made to the directory based upon processing a transaction be
replicated as one atomic action. That is, the client SHOULD NOT
assume tight data consistency nor fast data convergence at slave
servers unless they have prior knowledge that such is provided.
Though this mechanism could be used to support replication, such use
is not described in this document.
The LDAP/X.500 models do not currently support a multi-master
replication architecture and, hence, not considered by this
specification.
5. Security Considerations
Transactions mechanisms and related grouping operations may be the
target of denial of service attacks. Implementors should provide
safeguards to ensure these mechanisms are not abused.
6. IANA Considerations
In accordance with [RFC3383], it is requested that Internet Assigned
Numbers Authority (IANA) make the following assignments.
6.1. Object Identifier
An LDAP Object Identifier to identify the grouping type defined in
this document is requested.
The following registration template is suggested:
Zeilenga LDAP Transactions [Page 4]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
Subject: Request for LDAP Object Identifier Registration
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Specification: RFCXXXX
Author/Change Controller: IESG
Comments:
Identifies the LDAP Transactions Grouping Type
6.2. LDAP Protocol Mechanism
Registration of the protocol mechanisms defined in this document is
requested.
Subject: Request for LDAP Protocol Mechansism Registration
Object Identifier: IANA-ASSIGNED-OID
Description: LDAP Transaction Grouping Type
Person & email address to contact for further information:
Kurt Zeilenga <kurt@openldap.org>
Usage: Grouping
Specification: RFCxxxx
Author/Change Controller: IESG
Comments: none
7. Acknowledgments
The author gratefully acknowledges the contributions made by members
of the Internet Engineering Task Force.
8. Author's Address
Kurt D. Zeilenga
OpenLDAP Foundation
<Kurt@OpenLDAP.org>
9. Normative References
[RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2251] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.
[RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
Zeilenga LDAP Transactions [Page 5]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
Protocol (v3): Technical Specification", RFC 3377, September 2002.
[GROUP] K. Zeilenga, "LDAP: Grouping of Related Operations",
draft-zeilenga-ldap-grouping-xx.txt, a work in progress.
[X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) - Specification
of Basic Notation", X.680, 1994.
[X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic,
Canonical, and Distinguished Encoding Rules", X.690, 1994.
10. Informative References
[RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
RFC 3383), September 2002.
[X.500] ITU-T, "The Directory: Overview of Concepts, Models, and
Services", X.500, 1993.
[X.501] ITU-T, "The Directory: Models", X.501, 1993.
Copyright 2002, The Internet Society. All Rights Reserved.
This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However,
this document itself may not be modified in any way, such as by
removing the copyright notice or references to the Internet Society
or other Internet organizations, except as needed for the purpose
of developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be followed,
or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not
be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Zeilenga LDAP Transactions [Page 6]
INTERNET-DRAFT draft-zeilenga-ldap-txn-05 4 November 2002
Zeilenga LDAP Transactions [Page 7]