mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
676 lines
22 KiB
Plaintext
676 lines
22 KiB
Plaintext
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
INTERNET-DRAFT Kurt D. Zeilenga
|
|||
|
Intended Category: Experimental OpenLDAP Foundation
|
|||
|
Expires in six months 27 February 2006
|
|||
|
|
|||
|
|
|||
|
|
|||
|
The LDAP Manage Directory Information Tree Control
|
|||
|
<draft-zeilenga-ldap-managedit-00.txt>
|
|||
|
|
|||
|
|
|||
|
Status of this Memo
|
|||
|
|
|||
|
This document is intended to be, after appropriate review and
|
|||
|
revision, submitted to the RFC Editor for publication as an
|
|||
|
Experimental document. Distribution of this memo is unlimited.
|
|||
|
Technical discussion of this document will take place on the IETF LDAP
|
|||
|
Extensions mailing list <ldapext@ietf.org>. Please send editorial
|
|||
|
comments directly to the author <Kurt@OpenLDAP.org>.
|
|||
|
|
|||
|
By submitting this Internet-Draft, each author represents that any
|
|||
|
applicable patent or other IPR claims of which he or she is aware have
|
|||
|
been or will be disclosed, and any of which he or she becomes aware
|
|||
|
will be disclosed, in accordance with Section 6 of BCP 79.
|
|||
|
|
|||
|
Internet-Drafts are working documents of the Internet Engineering Task
|
|||
|
Force (IETF), its areas, and its working groups. Note that other
|
|||
|
groups may also distribute working documents as Internet-Drafts.
|
|||
|
|
|||
|
Internet-Drafts are draft documents valid for a maximum of six months
|
|||
|
and may be updated, replaced, or obsoleted by other documents at any
|
|||
|
time. It is inappropriate to use Internet-Drafts as reference material
|
|||
|
or to cite them other than as "work in progress."
|
|||
|
|
|||
|
The list of current Internet-Drafts can be accessed at
|
|||
|
http://www.ietf.org/1id-abstracts.html
|
|||
|
|
|||
|
The list of Internet-Draft Shadow Directories can be accessed at
|
|||
|
http://www.ietf.org/shadow.html
|
|||
|
|
|||
|
|
|||
|
Copyright (C) The Internet Society (2006). All Rights Reserved.
|
|||
|
|
|||
|
Please see the Full Copyright section near the end of this document
|
|||
|
for more information.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 1]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
Abstract
|
|||
|
|
|||
|
This document defines the Lightweight Directory Access Protocol (LDAP)
|
|||
|
Manage Directory Information Tree (DIT) Control which allows a
|
|||
|
directory user agent (a client) to request the directory service
|
|||
|
temporarily relax enforcement of constraints of the X.500 models.
|
|||
|
|
|||
|
|
|||
|
1. Background and Intended Use
|
|||
|
|
|||
|
Directory servers accessible via Lightweight Directory Access Protocol
|
|||
|
(LDAP) [Roadmap] are expected to act in accordance with the X.500
|
|||
|
series of ITU-T Recommendations. In particular, servers are expected
|
|||
|
to ensure the X.500 data and service models are not violated.
|
|||
|
|
|||
|
An LDAP server is expected to prevent modification of the structural
|
|||
|
object class of an object [Models]. That is, the X.500 models do not
|
|||
|
allow a 'person' object to be transformed into an
|
|||
|
'organizationalPerson' object through modification of the object.
|
|||
|
Instead, the 'person' object must be deleted and then a new
|
|||
|
'organizationalPerson' object created in its place. This approach,
|
|||
|
aside from being inconvient, is problematic for a number reasons.
|
|||
|
First, as LDAP does not have a standardized method for performing the
|
|||
|
two operations in a single transaction, the intermediate directory
|
|||
|
state (after the delete, before the add) is visible to other clients,
|
|||
|
which may lead to undesirable client behavior. Second, attributes
|
|||
|
such as entryUUID [entryUUID] will reflect the object was replaced,
|
|||
|
not transformed.
|
|||
|
|
|||
|
An LDAP server is expected to prevent clients from modifying values of
|
|||
|
NO-USER-MODIFICATION attributes [Models]. For instance, an entry is
|
|||
|
not allowed to assign or modify the value of the entryUUID attribute.
|
|||
|
However, where an administrator is restoring a previously existing
|
|||
|
object, for instance when repartitioning data between directory
|
|||
|
servers or when migrating from one vendor server product to another,
|
|||
|
it may be desirable to allow the client to assign or modify the value
|
|||
|
of the entryUUID attribute.
|
|||
|
|
|||
|
This document specifies the Manage Directory Information Tree (DIT)
|
|||
|
control. The Manage DIT control may be attached to LDAP requests to
|
|||
|
update the DIT to request DIT restrictions be temporarily relaxed
|
|||
|
during the performance of the requested DIT update. The server is
|
|||
|
however to ensure the resulting directory state is valid.
|
|||
|
|
|||
|
Use of this control is expected that use of this extension will be
|
|||
|
restricted by administrative and/or access controls. It is intended
|
|||
|
to be used by directory administrators.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 2]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
This extension is considered experimental as it is not yet clear
|
|||
|
whether it adequately addresses directory administrators' needs for
|
|||
|
flexible mechanisms for managing directory objects. It is hoped that
|
|||
|
after suitable amount of time, either this extension or a suitable
|
|||
|
replacement will be standardization.
|
|||
|
|
|||
|
|
|||
|
1.1. Terminology
|
|||
|
|
|||
|
Protocol elements are described using ASN.1 [X.680] with implicit
|
|||
|
tags. The term "BER-encoded" means the element is to be encoded using
|
|||
|
the Basic Encoding Rules [X.690] under the restrictions detailed in
|
|||
|
Section 5.2 of [Protocol].
|
|||
|
|
|||
|
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
|||
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
|||
|
document are to be interpreted as described in BCP 14 [RFC2119].
|
|||
|
|
|||
|
DSA stands for Directory System Agent, a server. DSE stands for DSA-
|
|||
|
specific Entry.
|
|||
|
|
|||
|
|
|||
|
2. The Manage DIT Control
|
|||
|
|
|||
|
The Manage DIT control is an LDAP Control [Protocol] whose controlType
|
|||
|
is IANA-ASSIGNED-OID, controlValue is empty, and the criticality of
|
|||
|
TRUE.
|
|||
|
|
|||
|
There is no corresponding response control.
|
|||
|
|
|||
|
The control is appropriate for all LDAP update requests, including
|
|||
|
add, delete, modify, and modifyDN (rename) [Protocol].
|
|||
|
|
|||
|
The presence of the Manage DIT control in an LDAP update request
|
|||
|
indicates the server temporarily relax X.500 model contraints during
|
|||
|
performance of the directory update.
|
|||
|
|
|||
|
The server may restrict use of this control and/or limit the extent of
|
|||
|
the relaxation provided based upon local policy or factors.
|
|||
|
|
|||
|
The server is obligated to ensure the resulting directory state is
|
|||
|
consistent with the X.500 models. For instance, the server ensure
|
|||
|
that values of attributes conform to the value syntax.
|
|||
|
|
|||
|
It is noted that while this extension may be used to add or modify
|
|||
|
objects in a manner which violate the controlling subschema, the
|
|||
|
presence of objects in the DIT is not inconsistent with the X.500
|
|||
|
models. For instance, an object created prior to establshment of a
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 3]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
DIT content rule may contain an attribute now precluded by the current
|
|||
|
controlling DIT Content Rule.
|
|||
|
|
|||
|
Servers implementing this technical specification SHOULD publish the
|
|||
|
object identifier IANA-ASSIGNED-OID as a value of the
|
|||
|
'supportedControl' attribute [Models] in their root DSE. A server MAY
|
|||
|
choose to advertise this extension only when the client is authorized
|
|||
|
to use it.
|
|||
|
|
|||
|
|
|||
|
3. Use Cases
|
|||
|
|
|||
|
3.1. Object metamorphism
|
|||
|
|
|||
|
In absence of this control, an attempt to modify an object's
|
|||
|
'objectClass' in a manner which cause a change in the structural
|
|||
|
object class of the object would normally lead to an
|
|||
|
objectClassModsProhibited error [Protocol]. The presence of the
|
|||
|
Manage DIT control in the modify request requests the change be
|
|||
|
allowed. If the server is willing and able to allow the change in the
|
|||
|
structural object class of the object.
|
|||
|
|
|||
|
For instance, to change an 'organization' object into an
|
|||
|
'organizationalUnit' object, a client could issue the following LDAP
|
|||
|
request:
|
|||
|
|
|||
|
dn: o=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: modify
|
|||
|
delete: objectClass
|
|||
|
objectClass: organization
|
|||
|
-
|
|||
|
add: objectClass
|
|||
|
objectClass: organizationalUnit
|
|||
|
-
|
|||
|
|
|||
|
In this case, the server is expected to either effect the requested
|
|||
|
change in the structural object class, including updating of the value
|
|||
|
of the structural object class, or fail the operation.
|
|||
|
|
|||
|
|
|||
|
3.2. Inactive Attribute Types
|
|||
|
|
|||
|
In absence of the Manage DIT control, an attempt to add or modify
|
|||
|
values to an attribute whose type has been marked inactive in the
|
|||
|
controlling subschema (its attribute type description contains the
|
|||
|
OBSOLETE field) [Models] normally results in a failure.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 4]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
In the presence of the Manage DIT control, the server performs the
|
|||
|
update operation as if the attribute's type is marked active in the
|
|||
|
controlling subschema (its attribute type description does not contain
|
|||
|
the OBSOLETE field).
|
|||
|
|
|||
|
|
|||
|
3.3. DIT Content Rules
|
|||
|
|
|||
|
In absence of the Manage DIT control, an attempt to include the name
|
|||
|
(or OID) of an auxiliary class to an object's 'objectClass' which is
|
|||
|
not allowed by the controlling DIT Content Rule would be disallowed
|
|||
|
[Models]. Additionally, an attempt to add values of an attribute not
|
|||
|
allowed (or explicitly precluded) by the DIT Content Rule would fail.
|
|||
|
|
|||
|
In presence of the Manage DIT control, the server performs the update
|
|||
|
operation as if the controlling DIT Content Rule allowed any and all
|
|||
|
known auxiliary classses to be present and allowed any and all known
|
|||
|
attributes to be present (and precluded no attributes).
|
|||
|
|
|||
|
|
|||
|
3.4. DIT Structure Rules and Name Forms
|
|||
|
|
|||
|
In absence of the Manage DIT control, the service enforces DIT
|
|||
|
structure rules and name form requirements of the controlling
|
|||
|
subschema [Models].
|
|||
|
|
|||
|
In the presence of the Manage DIT control, the server performs the
|
|||
|
update operation ignoring all DIT structure rules and name forms in
|
|||
|
the controlling subschema.
|
|||
|
|
|||
|
|
|||
|
3.5. Modification of Nonconformant Objects
|
|||
|
|
|||
|
It is also noted that in absense of this control, modification of an
|
|||
|
object which presently violates the controlling subschema will fail
|
|||
|
unless the modification would result in the object conforming to the
|
|||
|
controlling subschema. That is, modifications of an non-conformant
|
|||
|
object should result in a conformant object.
|
|||
|
|
|||
|
In the presence of this control, modifications of a non-conformant
|
|||
|
object need not result in a conformant object.
|
|||
|
|
|||
|
|
|||
|
3.6. NO-USER-MODIFICATION attribute modification
|
|||
|
|
|||
|
In absence of this control, an attempt to modify values of a
|
|||
|
NO-USER-MODIFICATION attribute would normally lead to a
|
|||
|
constraintViolation or other appropriate error [Protocol]. In the
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 5]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
presence of the Manage DIT control in the update request requests the
|
|||
|
modification be allowed.
|
|||
|
|
|||
|
Relaxation of the NO-USER-MODIFICATION constraint is not appropriate
|
|||
|
for some operational attribute types. For instance, as the value of
|
|||
|
the 'structuralObjectClass' is derived by the values of the
|
|||
|
'objectClass' attribute, the 'structuralObjectClass' attribute type's
|
|||
|
NO-USER-MODIFICATION contraint MUST NOT be relaxed. To effect a
|
|||
|
change in the structuralObjectClass class, values of objectClass
|
|||
|
should be changed as discussed in Section 3.1. Other attributes for
|
|||
|
which the NO-USER-MODIFICATION constraint should not be relaxed
|
|||
|
include 'entryDN' [EntryDN], 'subschemaSubentry' [Models], and
|
|||
|
'collectiveAttributeSubentries' [RFC3671].
|
|||
|
|
|||
|
The subsections of this section discuss modification of various
|
|||
|
operational attributes where their NO-USER-MODIFICATION constraint may
|
|||
|
be relaxed. Future documents may specify where NO-USER-MODIFICATION
|
|||
|
constraints on other operational attribute may be relaxed. In absence
|
|||
|
of a document detailing that the NO-USER-MODIFICATION constraint on a
|
|||
|
particular operational attribute may be relaxed, implementors SHOULD
|
|||
|
assume relaxation of the constraint is not appropriate for that
|
|||
|
attribute.
|
|||
|
|
|||
|
|
|||
|
3.1.1. entryUUID
|
|||
|
|
|||
|
To provide a value for the 'entryUUID' attribute on entry creation,
|
|||
|
the client should issue an LDAP Add request with a Manage DIT control
|
|||
|
providing the desired value. For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: add
|
|||
|
objectClass: organizationalUnit
|
|||
|
ou: Unit
|
|||
|
entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
|
|||
|
|
|||
|
In this case, the server is either to add the entry using the
|
|||
|
provided 'entryUUID' value or fail the request.
|
|||
|
|
|||
|
To provide a replacement value for the 'entryUUID' after entry
|
|||
|
creation, the client should issue an LDAP Modify request with a
|
|||
|
Manage DIT control including an approrpiate change. For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: modify
|
|||
|
replace: entryUUID
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 6]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
|
|||
|
-
|
|||
|
|
|||
|
In this case, the server is either to replace the 'entryUUID' value
|
|||
|
as requested or fail the request.
|
|||
|
|
|||
|
|
|||
|
3.2.2. createTimestamp
|
|||
|
|
|||
|
To provide a value for the 'createTimestamp' attribute on entry
|
|||
|
creation, the client should issue an LDAP Add request with a Manage
|
|||
|
DIT control providing the desired 'createTimestamp' value. For
|
|||
|
instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: add
|
|||
|
objectClass: organizationalUnit
|
|||
|
ou: Unit
|
|||
|
createTimestamp: 20060101000000Z
|
|||
|
|
|||
|
In this case, the server is either to add the entry using the
|
|||
|
provided 'createTimestamp' value or fail the request.
|
|||
|
|
|||
|
To provide a replacement value for the 'createTimestamp' after
|
|||
|
entry creation, the client should issue an LDAP Modify request with
|
|||
|
a Manage DIT control including an approrpiate change. For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: modify
|
|||
|
replace: createTimestamp
|
|||
|
createTimestamp: 20060101000000Z
|
|||
|
-
|
|||
|
|
|||
|
In this case, the server is either to replace the 'createTimestamp'
|
|||
|
value as requested or fail the request.
|
|||
|
|
|||
|
The server should ensure the requested 'createTimestamp' value is
|
|||
|
appropriate. In particular, it should fail the request if the
|
|||
|
requested 'createTimestamp' value is in the future or is greater
|
|||
|
than the value of the 'modifyTimestamp' attribute.
|
|||
|
|
|||
|
|
|||
|
3.2.3. modifyTimestamp
|
|||
|
|
|||
|
To provide a value for the 'modifyTimestamp' attribute on entry
|
|||
|
creation, the client should issue an LDAP Add request with a Manage
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 7]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
DIT control providing the desired 'modifyTimestamp' value. For
|
|||
|
instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: add
|
|||
|
objectClass: organizationalUnit
|
|||
|
ou: Unit
|
|||
|
modifyTimestamp: 20060101000000Z
|
|||
|
|
|||
|
In this case, the server is either to add the entry using
|
|||
|
the provided 'modifyTimestamp' value or fail the request.
|
|||
|
|
|||
|
To provide a replacement value for the 'modifyTimestamp' after
|
|||
|
entry creation, the client should issue an LDAP Modify
|
|||
|
request with a Manage DIT control including an approrpiate
|
|||
|
change. For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: modify
|
|||
|
replace: modifyTimestamp
|
|||
|
modifyTimestamp: 20060101000000Z
|
|||
|
-
|
|||
|
|
|||
|
In this case, the server is either to replace the 'modifyTimestamp'
|
|||
|
value as requested or fail the request.
|
|||
|
|
|||
|
The server should ensure the requested 'modifyTimestamp' value is
|
|||
|
appropriate. In particular, it should fail the request if the
|
|||
|
requested 'modifyTimestamp' value is in the future or is less than
|
|||
|
the value of the 'createTimestamp' attribute.
|
|||
|
|
|||
|
|
|||
|
3.2.3. creatorsName and modifiersName
|
|||
|
|
|||
|
To provide a value for the 'creatorsName' and/or 'modifiersName'
|
|||
|
attribute on entry creation, the client should issue an LDAP Add
|
|||
|
request with a Manage DIT control providing the desired values.
|
|||
|
For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: add
|
|||
|
objectClass: organizationalUnit
|
|||
|
ou: Unit
|
|||
|
creatorsName: cn=Jane Doe,dc=example,net
|
|||
|
modifiersName: cn=Jane Doe,dc=example,net
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 8]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
In this case, the server is either to add the entry using
|
|||
|
the provided values or fail the request.
|
|||
|
|
|||
|
To provide a replacement values after entry creation for either of
|
|||
|
the 'creatorsName' or 'modifiersName' attributes or both, the
|
|||
|
client should issue an LDAP Modify request with a Manage DIT control
|
|||
|
including the approrpiate changes. For instance:
|
|||
|
|
|||
|
dn: ou=Unit,dc=example,dc=net
|
|||
|
control: IANA-ASSIGNED-OID
|
|||
|
changetype: modify
|
|||
|
replace: creatorsName
|
|||
|
creatorsName: cn=Jane Doe,dc=example,net
|
|||
|
-
|
|||
|
replace: modifiersName
|
|||
|
modifiersName: cn=Jane Doe,dc=example,net
|
|||
|
-
|
|||
|
|
|||
|
In this case, the server is either to replace the provided
|
|||
|
values as requested or fail the request.
|
|||
|
|
|||
|
|
|||
|
4. Security Considerations
|
|||
|
|
|||
|
Use of this extension should be subject to appropriate administrative
|
|||
|
and access controls. Use of this mechanism is intended to be
|
|||
|
restricted to directory administrators.
|
|||
|
|
|||
|
Security considerations for the base operations [Protocol] extended
|
|||
|
by this control, as well as general LDAP security considerations
|
|||
|
[Roadmap], generally apply to implementation and use of this
|
|||
|
extension.
|
|||
|
|
|||
|
|
|||
|
5. IANA Considerations
|
|||
|
|
|||
|
5.1. Object Identifier
|
|||
|
|
|||
|
It is requested that IANA assign a LDAP Object Identifier [BCP64bis]
|
|||
|
to identify the LDAP Assertion Control defined in this document.
|
|||
|
|
|||
|
Subject: Request for LDAP Object Identifier Registration
|
|||
|
Person & email address to contact for further information:
|
|||
|
Kurt Zeilenga <kurt@OpenLDAP.org>
|
|||
|
Specification: RFC XXXX
|
|||
|
Author/Change Controller: Kurt Zeilenga <kurt@openldap.org>
|
|||
|
Comments: Identifies the LDAP Manage DIT Control
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 9]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
5.2 LDAP Protocol Mechanism
|
|||
|
|
|||
|
Registration of this protocol mechanism [BCP64bis] is requested.
|
|||
|
|
|||
|
Subject: Request for LDAP Protocol Mechanism Registration
|
|||
|
Object Identifier: IANA-ASSIGNED-OID
|
|||
|
Description: Manage DIT Control
|
|||
|
Person & email address to contact for further information:
|
|||
|
Kurt Zeilenga <kurt@openldap.org>
|
|||
|
Usage: Control
|
|||
|
Specification: RFC XXXX
|
|||
|
Author/Change Controller: Kurt Zeilenga <kurt@openldap.org>
|
|||
|
Comments: none
|
|||
|
|
|||
|
|
|||
|
6. Author's Address
|
|||
|
|
|||
|
Kurt D. Zeilenga
|
|||
|
OpenLDAP Foundation
|
|||
|
|
|||
|
Email: Kurt@OpenLDAP.org
|
|||
|
|
|||
|
|
|||
|
7. References
|
|||
|
|
|||
|
[[Note to the RFC Editor: please replace the citation tags used in
|
|||
|
referencing Internet-Drafts with tags of the form RFCnnnn where
|
|||
|
possible.]]
|
|||
|
|
|||
|
|
|||
|
7.1. Normative References
|
|||
|
|
|||
|
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
|||
|
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
|||
|
|
|||
|
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
|
|||
|
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
|
|||
|
progress.
|
|||
|
|
|||
|
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
|
|||
|
Models", draft-ietf-ldapbis-models-xx.txt, a work in
|
|||
|
progress.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
7.2. Informative References
|
|||
|
|
|||
|
[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 10]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
|
|||
|
|
|||
|
[EntryUUID] Zeilenga, K., "The LDAP EntryUUID Operational
|
|||
|
Attribute", draft-zeilenga-ldap-uuid-xx.txt, a work in
|
|||
|
progress.
|
|||
|
|
|||
|
[RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
|
|||
|
Technical Specification", RFC 2849, June 2000.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Intellectual Property Rights
|
|||
|
|
|||
|
The IETF takes no position regarding the validity or scope of any
|
|||
|
Intellectual Property Rights or other rights that might be claimed to
|
|||
|
pertain to the implementation or use of the technology described in
|
|||
|
this document or the extent to which any license under such rights
|
|||
|
might or might not be available; nor does it represent that it has
|
|||
|
made any independent effort to identify any such rights. Information
|
|||
|
on the procedures with respect to rights in RFC documents can be found
|
|||
|
in BCP 78 and BCP 79.
|
|||
|
|
|||
|
Copies of IPR disclosures made to the IETF Secretariat and any
|
|||
|
assurances of licenses to be made available, or the result of an
|
|||
|
attempt made to obtain a general license or permission for the use of
|
|||
|
such proprietary rights by implementers or users of this specification
|
|||
|
can be obtained from the IETF on-line IPR repository at
|
|||
|
http://www.ietf.org/ipr.
|
|||
|
|
|||
|
The IETF invites any interested party to bring to its attention any
|
|||
|
copyrights, patents or patent applications, or other proprietary
|
|||
|
rights that may cover technology that may be required to implement
|
|||
|
this standard. Please address the information to the IETF at
|
|||
|
ietf-ipr@ietf.org.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Full Copyright
|
|||
|
|
|||
|
Copyright (C) The Internet Society (2006).
|
|||
|
|
|||
|
This document is subject to the rights, licenses and restrictions
|
|||
|
contained in BCP 78, and except as set forth therein, the authors
|
|||
|
retain all their rights.
|
|||
|
|
|||
|
This document and the information contained herein are provided on an
|
|||
|
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
|
|||
|
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 11]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
|||
|
|
|||
|
|
|||
|
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
|
|||
|
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
|
|||
|
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
|||
|
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Manage DIT Control [Page 12]
|
|||
|
|