Lightweight Directory Access Protocol (LDAP) Read Entry Controls
Note: This ballot was opened for revision 04 and is now closed.
(Ted Hardie) Yes
(Brian Carpenter) No Objection
Editorial points from review by Scott Brim: ... Some text suggestions: If the update operation fails (in either normal or control processing), no response control is provided. I know this means that no response control is provided for the post-read request, but as a naive reader I had to stop and think whether that meant no response was provided to the update request at all. Not knowing the protocol well, it's hard for me to suggest an improvement, but consider adding "to the post-read request control". The Pre-Read and Post-Read controls may be combined with each other and/or with a variety of other controls. When combined with the assertion control [Assertion] and/or the manageDsaIT control [RFC3296], the semantics of each control included in the combination apply. The Pre-Read and Post-Read controls may be combined with other controls as detailed in other technical specifications. You could delete the last sentence, which is somewhat redundant, if you added "as detailed in other specifications" to the first sentence. The controls defined in this document extend update operations to support read capabilities. Servers MUST ensure that the client is authorized both for reading of the information provided in this control in addition to ensuring the client is authorized to perform the requested directory update. That last sentence has too much in it and probably isn't English. How about "Servers MUST ensure that the client is authorized both to read the information provided in this control and to perform the requested directory update"? A small nit: sometimes it says "a LDAP control" and sometimes "an LDAP control".