INTERNET-DRAFT                                         Kurt D. Zeilenga
Intended Category: Experimental                     OpenLDAP Foundation
Expires in six months                                        3 May 2003

                            LDAP Transactions

Status of Memo

  This document is an Internet-Draft and is in full conformance with all
  provisions of Section 10 of RFC2026.

  This document is intended to be, after appropriate review and
  revision, submitted to the RFC Editor as an Experimental document.
  Distribution of this memo is unlimited.  Technical discussion of this
  document will take place on the IETF LDAP Extension Working Group
  mailing list <>.  Please send editorial comments
  directly to the author <>.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups.  Note that other
  groups may also distribute working documents as Internet-Drafts.
  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as ``work in progress.''

  The list of current Internet-Drafts can be accessed at
  <>. The list of
  Internet-Draft Shadow Directories can be accessed at

  Copyright 2003, The Internet Society.  All Rights Reserved.

  Please see the Copyright section near the end of this document for
  more information.


  Lightweight Directory Access Protocol (LDAP) update operations acting
  upon entries have atomic, consistency, isolation, durability (ACID)
  properties.  However, it is often desirable to update two or more
  entries as one unit of interaction, a transaction.  Transactions are
  necessary to support a number of applications including resource
  provisioning and information replication.  This document defines an

Zeilenga                    LDAP Transactions                   [Page 1]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

  LDAP extension to support transactions.


  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  document are to be interpreted as described in BCP 14 [RFC2119].

  Protocol elements are described using ASN.1 [X.680].  The term
  "BER-encoded" means the element is to be encoded using the Basic
  Encoding Rules [X.690] under the restrictions detailed in Section 5.1
  of [RFC2251].

1. Overview

  This document extends the Lightweight Directory Access Protocol (LDAP)
  [RFC3377] to allow clients to group a number of related update
  operations [RFC2251] and have them preformed as one unit of
  interaction, a transaction.  As with distinct update operations, each
  transaction has atomic, consistency, isolation, and durability
  ([ACID]) properties.

  This extension uses the grouping mechanism provided by [GROUP] to
  relate operations of the transaction.  The createGrouping operation is
  used to obtain a group cookie which is used to identify operations
  which are apart of the transaction.  The group cookie can be viewed as
  a transaction identifier.  The endGrouping operation is used to settle
  (commit or abort) the transaction.

2. Specification of a Transaction

  Servers implementing this specification SHOULD publish the
  transactionGroupingType as a value of the 'supportedGroupingTypes'
  attribute contained within the Root DSE.

      transactionGroupingType ::= IANA-ASSIGNED-OID

  A client wishing to preform a transaction issues a
  createGroupingRequest with a createGroupType of
  transactionGroupingType and no createGroupValue.  A server which is
  willing and able to support transactions returns a
  createGroupingResponse with a success result code, a
  createGroupCookie, and no createGroupValue.  Otherwise the server
  returns a non-success result code, no createGroupCookie, and no

Zeilenga                    LDAP Transactions                   [Page 2]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

  The client then issues may issue one or more update (add, delete,
  modify, rename) requests, each with a GroupingControl indicating they
  are to processed as part of the transaction grouping.  If the server
  is willing and able to attempt to process operation as part of the
  transaction, the server returns success.  As further processing of the
  operation is be deferred until settlement, the operation is considered
  still outstanding and its messageID cannot to be reused until after
  settlement.  If the server is unwilling or unable to attempt to
  process the operation as part of the transaction, the server returns a
  non-successful result code.

  If the server becomes unwilling or unable to continue the
  specification of a transaction, the server return the canceled
  resultCode for each deferred operation and then issue a endGroupNotice
  with a non-success resultCode.  Any future use of cookie by the client
  will result in a response containing a non-success result code.  Upon
  receipt of a endGroupingNotice, the client is to discontinue all use
  of the grouping cookie as the transaction is null and void.

  A client requests settling of transaction by issuing an
  endGroupingRequest where the groupingCookie is the group cookie
  identify the transaction.  The absence of any endGroupingValue
  indicates a commit request.  The presence of an empty endGroupValue
  indicates an abort request.  The endGroupValue MUST be empty if

  If the commit response indicates failure, the server may return an
  endGroupingValue with the endGroupingResponse.  If so, it contains the
  BER-encoding of a MessageID [RFC2251] of the update operation
  associated with the failure.

3. Settling of the Transaction

  Upon receipt of a request to abort the transaction, the server is to
  abort the transaction and then return an endGroupingResponse
  indicating success.

  Upon receipt of a request to commit the transaction, the server
  processes the group of update operations as one atomic, isolated
  action with each update request being processed in turn.  Either all
  of the requested updates SHALL be successfully applied or none of the
  requested SHALL be applied.  If all are applied, the server returns an
  endGroupingResponse indicating success.  Otherwise, the server returns
  an endGroupingResponse indicating the nature of the failure.  If the
  failure is associated with a particular update operation, the message
  ID is returned an attached endGroupingValue.  If the failure was not
  associated with any particular update operation, no endGroupingValue

Zeilenga                    LDAP Transactions                   [Page 3]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

  is to be provided.

  There is no requirement that a server serialize transactions.  That
  is, a server MAY process multiple transactions commit requests (from
  one or more clients) acting upon different sets of entries
  concurrently.  A server MUST avoid deadlock.

4. Distributed Directory Considerations

  The LDAP/X.500 models provide for distributed directory operations
  including server-side chaining and client-side chasing of operations.

  This document does not disallow servers from chaining operations which
  are part of a transaction.  However, if a server does allow such
  chaining, it MUST ensure that transaction semantics detailed above are

  This mechanism defined by this document does not support client-side
  chasing.  Grouping cookies used to identify the transaction are
  specific to a particular client/server session.

  The LDAP/X.500 models provide for a single-master/multiple-slave
  replication architecture.  This document states no requirement that
  changes made to the directory based upon processing a transaction be
  replicated as one atomic action.  That is, the client SHOULD NOT
  assume tight data consistency nor fast data convergence at slave
  servers unless they have prior knowledge that such is provided.
  Though this mechanism could be used to support replication, such use
  is not described in this document.

  The LDAP/X.500 models do not currently support a multi-master
  replication architecture and, hence, not considered by this

5. Security Considerations

  Transactions mechanisms and related grouping operations may be the
  target of denial of service attacks.  Implementors should provide
  safeguards to ensure these mechanisms are not abused.

6. IANA Considerations

  In accordance with [RFC3383], it is requested that Internet Assigned
  Numbers Authority (IANA) make the following assignments.

Zeilenga                    LDAP Transactions                   [Page 4]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

6.1.  Object Identifier

  An LDAP Object Identifier to identify the grouping type defined in
  this document is requested.

  The following registration template is suggested:

      Subject: Request for LDAP Object Identifier Registration
      Person & email address to contact for further information:
          Kurt Zeilenga <>
      Specification: RFCXXXX
      Author/Change Controller: IESG
          Identifies the LDAP Transactions Grouping Type

6.2.  LDAP Protocol Mechanism

  Registration of the protocol mechanisms defined in this document is

  Subject: Request for LDAP Protocol Mechansism Registration

  Object Identifier: IANA-ASSIGNED-OID
  Description: LDAP Transaction Grouping Type
  Person & email address to contact for further information:
       Kurt Zeilenga <>
  Usage: Grouping
  Specification: RFCxxxx
  Author/Change Controller: IESG
  Comments: none

7. Acknowledgments

  The author gratefully acknowledges the contributions made by members
  of the Internet Engineering Task Force.

8. Author's Address

      Kurt D. Zeilenga
      OpenLDAP Foundation

9. Normative References

Zeilenga                    LDAP Transactions                   [Page 5]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

  [RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate
            Requirement Levels", BCP 14 (also RFC 2119), March 1997.

  [RFC2251] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
            Protocol (v3)", RFC 2251, December 1997.

  [RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
            Protocol (v3): Technical Specification", RFC 3377, September 2002.

  [GROUP]   K. Zeilenga, "LDAP: Grouping of Related Operations",
            draft-zeilenga-ldap-grouping-xx.txt, a work in progress.

  [X.680]   ITU-T, "Abstract Syntax Notation One (ASN.1) - Specification
            of Basic Notation", X.680, 1994.

  [X.690]   ITU-T, "Specification of ASN.1 encoding rules:  Basic,
            Canonical, and Distinguished Encoding Rules", X.690, 1994.

10. Informative References

  [ACID]    Section 4 of ISO/IEC 10026-1:1992.

  [RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
            RFC 3383), September 2002.

  [X.500]   ITU-T, "The Directory: Overview of Concepts, Models, and
            Services", X.500, 1993.

  [X.501]   ITU-T, "The Directory: Models", X.501, 1993.

Copyright 2003, The Internet Society.  All Rights Reserved.

  This document and translations of it may be copied and furnished
  to others, and derivative works that comment on or otherwise explain
  it or assist in its implementation may be prepared, copied, published
  and distributed, in whole or in part, without restriction of any
  kind, provided that the above copyright notice and this paragraph
  are included on all such copies and derivative works.  However,
  this document itself may not be modified in any way, such as by
  removing the copyright notice or references to the Internet Society
  or other Internet organizations, except as needed for the  purpose
  of developing Internet standards in which case the procedures for
  copyrights defined in the Internet Standards process must be followed,
  or as required to translate it into languages other than English.

  The limited permissions granted above are perpetual and will not

Zeilenga                    LDAP Transactions                   [Page 6]

INTERNET-DRAFT         draft-zeilenga-ldap-txn-06             3 May 2003

  be revoked by the Internet Society or its successors or assigns.

  This document and the information contained herein is provided on

Zeilenga                    LDAP Transactions                   [Page 7]