Considerations for Lightweight Directory Access Protocol (LDAP) Extensions
RFC 4521

Document Type RFC - Best Current Practice (June 2006; Errata)
Also known as BCP 118
Was draft-zeilenga-ldap-ext (individual in app area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4521 (Best Current Practice)
Telechat date
Responsible AD Ted Hardie
Send notices to kurt@openLDAP.org
Network Working Group                                        K. Zeilenga
Request for Comments: 4521                           OpenLDAP Foundation
BCP: 118                                                       June 2006
Category: Best Current Practice

                          Considerations for
        Lightweight Directory Access Protocol (LDAP) Extensions

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The Lightweight Directory Access Protocol (LDAP) is extensible.  It
   provides mechanisms for adding new operations, extending existing
   operations, and expanding user and system schemas.  This document
   discusses considerations for designers of LDAP extensions.

Zeilenga                 Best Current Practice                  [Page 1]
RFC 4521                    LDAP Extensions                    June 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Terminology ................................................3
   2. General Considerations ..........................................4
      2.1. Scope of Extension .........................................4
      2.2. Interaction between extensions .............................4
      2.3. Discovery Mechanism ........................................4
      2.4. Internationalization Considerations ........................5
      2.5. Use of the Basic Encoding Rules ............................5
      2.6. Use of Formal Languages ....................................5
      2.7. Examples ...................................................5
      2.8. Registration of Protocol Values ............................5
   3. LDAP Operation Extensions .......................................6
      3.1. Controls ...................................................6
           3.1.1. Extending Bind Operation with Controls ..............6
           3.1.2. Extending the Start TLS Operation with Controls .....7
           3.1.3. Extending the Search Operation with Controls ........7
           3.1.4. Extending the Update Operations with Controls .......8
           3.1.5. Extending the Responseless Operations with Controls..8
      3.2. Extended Operations ........................................8
      3.3. Intermediate Responses .....................................8
      3.4. Unsolicited Notifications ..................................9
   4. Extending the LDAP ASN.1 Definition .............................9
      4.1. Result Codes ...............................................9
      4.2. LDAP Message Types .........................................9
      4.3. Authentication Methods ....................................10
      4.4. General ASN.1 Extensibility ...............................10
   5. Schema Extensions ..............................................10
      5.1. LDAP Syntaxes .............................................11
      5.2. Matching Rules ............................................11
      5.3. Attribute Types ...........................................12
      5.4. Object Classes ............................................12
   6. Other Extension Mechanisms .....................................12
      6.1. Attribute Description Options .............................12
      6.2. Authorization Identities ..................................12
      6.3. LDAP URL Extensions .......................................12
   7. Security Considerations ........................................12
   8. Acknowledgements ...............................................13
   9. References .....................................................13
      9.1. Normative References ......................................13
      9.2. Informative References ....................................15

Zeilenga                 Best Current Practice                  [Page 2]
RFC 4521                    LDAP Extensions                    June 2006

1.  Introduction

   The Lightweight Directory Access Protocol (LDAP) [RFC4510] is an
   extensible protocol.

   LDAP allows for new operations to be added and for existing
   operations to be enhanced [RFC4511].

   LDAP allows additional schema to be defined [RFC4512][RFC4517].  This
   can include additional object classes, attribute types, matching
   rules, additional syntaxes, and other elements of schema.  LDAP
   provides an ability to extend attribute types with options [RFC4512].

   LDAP supports a Simple Authentication and Security Layer (SASL)
   authentication method [RFC4511][RFC4513].  SASL [RFC4422] is
Show full document text