mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
396 lines
13 KiB
Plaintext
396 lines
13 KiB
Plaintext
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
INTERNET-DRAFT Kurt D. Zeilenga
|
|||
|
Intended Category: Experimental OpenLDAP Foundation
|
|||
|
Expires in six months 3 May 2003
|
|||
|
|
|||
|
|
|||
|
LDAP Transactions
|
|||
|
<draft-zeilenga-ldap-txn-06.txt>
|
|||
|
|
|||
|
|
|||
|
Status of Memo
|
|||
|
|
|||
|
This document is an Internet-Draft and is in full conformance with all
|
|||
|
provisions of Section 10 of RFC2026.
|
|||
|
|
|||
|
This document is intended to be, after appropriate review and
|
|||
|
revision, submitted to the RFC Editor as an Experimental document.
|
|||
|
Distribution of this memo is unlimited. Technical discussion of this
|
|||
|
document will take place on the IETF LDAP Extension Working Group
|
|||
|
mailing list <ldapext@ietf.org>. Please send editorial comments
|
|||
|
directly to the author <Kurt@OpenLDAP.org>.
|
|||
|
|
|||
|
Internet-Drafts are working documents of the Internet Engineering Task
|
|||
|
Force (IETF), its areas, and its working groups. Note that other
|
|||
|
groups may also distribute working documents as Internet-Drafts.
|
|||
|
Internet-Drafts are draft documents valid for a maximum of six months
|
|||
|
and may be updated, replaced, or obsoleted by other documents at any
|
|||
|
time. It is inappropriate to use Internet-Drafts as reference
|
|||
|
material or to cite them other than as ``work in progress.''
|
|||
|
|
|||
|
The list of current Internet-Drafts can be accessed at
|
|||
|
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
|
|||
|
Internet-Draft Shadow Directories can be accessed at
|
|||
|
<http://www.ietf.org/shadow.html>.
|
|||
|
|
|||
|
Copyright 2003, The Internet Society. All Rights Reserved.
|
|||
|
|
|||
|
Please see the Copyright section near the end of this document for
|
|||
|
more information.
|
|||
|
|
|||
|
|
|||
|
Abstract
|
|||
|
|
|||
|
Lightweight Directory Access Protocol (LDAP) update operations acting
|
|||
|
upon entries have atomic, consistency, isolation, durability (ACID)
|
|||
|
properties. However, it is often desirable to update two or more
|
|||
|
entries as one unit of interaction, a transaction. Transactions are
|
|||
|
necessary to support a number of applications including resource
|
|||
|
provisioning and information replication. This document defines an
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 1]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
LDAP extension to support transactions.
|
|||
|
|
|||
|
|
|||
|
Conventions
|
|||
|
|
|||
|
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
|||
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
|||
|
document are to be interpreted as described in BCP 14 [RFC2119].
|
|||
|
|
|||
|
Protocol elements are described using ASN.1 [X.680]. The term
|
|||
|
"BER-encoded" means the element is to be encoded using the Basic
|
|||
|
Encoding Rules [X.690] under the restrictions detailed in Section 5.1
|
|||
|
of [RFC2251].
|
|||
|
|
|||
|
|
|||
|
1. Overview
|
|||
|
|
|||
|
This document extends the Lightweight Directory Access Protocol (LDAP)
|
|||
|
[RFC3377] to allow clients to group a number of related update
|
|||
|
operations [RFC2251] and have them preformed as one unit of
|
|||
|
interaction, a transaction. As with distinct update operations, each
|
|||
|
transaction has atomic, consistency, isolation, and durability
|
|||
|
([ACID]) properties.
|
|||
|
|
|||
|
This extension uses the grouping mechanism provided by [GROUP] to
|
|||
|
relate operations of the transaction. The createGrouping operation is
|
|||
|
used to obtain a group cookie which is used to identify operations
|
|||
|
which are apart of the transaction. The group cookie can be viewed as
|
|||
|
a transaction identifier. The endGrouping operation is used to settle
|
|||
|
(commit or abort) the transaction.
|
|||
|
|
|||
|
|
|||
|
2. Specification of a Transaction
|
|||
|
|
|||
|
Servers implementing this specification SHOULD publish the
|
|||
|
transactionGroupingType as a value of the 'supportedGroupingTypes'
|
|||
|
attribute contained within the Root DSE.
|
|||
|
|
|||
|
transactionGroupingType ::= IANA-ASSIGNED-OID
|
|||
|
|
|||
|
A client wishing to preform a transaction issues a
|
|||
|
createGroupingRequest with a createGroupType of
|
|||
|
transactionGroupingType and no createGroupValue. A server which is
|
|||
|
willing and able to support transactions returns a
|
|||
|
createGroupingResponse with a success result code, a
|
|||
|
createGroupCookie, and no createGroupValue. Otherwise the server
|
|||
|
returns a non-success result code, no createGroupCookie, and no
|
|||
|
createGroupValue.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 2]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
The client then issues may issue one or more update (add, delete,
|
|||
|
modify, rename) requests, each with a GroupingControl indicating they
|
|||
|
are to processed as part of the transaction grouping. If the server
|
|||
|
is willing and able to attempt to process operation as part of the
|
|||
|
transaction, the server returns success. As further processing of the
|
|||
|
operation is be deferred until settlement, the operation is considered
|
|||
|
still outstanding and its messageID cannot to be reused until after
|
|||
|
settlement. If the server is unwilling or unable to attempt to
|
|||
|
process the operation as part of the transaction, the server returns a
|
|||
|
non-successful result code.
|
|||
|
|
|||
|
If the server becomes unwilling or unable to continue the
|
|||
|
specification of a transaction, the server return the canceled
|
|||
|
resultCode for each deferred operation and then issue a endGroupNotice
|
|||
|
with a non-success resultCode. Any future use of cookie by the client
|
|||
|
will result in a response containing a non-success result code. Upon
|
|||
|
receipt of a endGroupingNotice, the client is to discontinue all use
|
|||
|
of the grouping cookie as the transaction is null and void.
|
|||
|
|
|||
|
A client requests settling of transaction by issuing an
|
|||
|
endGroupingRequest where the groupingCookie is the group cookie
|
|||
|
identify the transaction. The absence of any endGroupingValue
|
|||
|
indicates a commit request. The presence of an empty endGroupValue
|
|||
|
indicates an abort request. The endGroupValue MUST be empty if
|
|||
|
provided.
|
|||
|
|
|||
|
If the commit response indicates failure, the server may return an
|
|||
|
endGroupingValue with the endGroupingResponse. If so, it contains the
|
|||
|
BER-encoding of a MessageID [RFC2251] of the update operation
|
|||
|
associated with the failure.
|
|||
|
|
|||
|
|
|||
|
3. Settling of the Transaction
|
|||
|
|
|||
|
Upon receipt of a request to abort the transaction, the server is to
|
|||
|
abort the transaction and then return an endGroupingResponse
|
|||
|
indicating success.
|
|||
|
|
|||
|
Upon receipt of a request to commit the transaction, the server
|
|||
|
processes the group of update operations as one atomic, isolated
|
|||
|
action with each update request being processed in turn. Either all
|
|||
|
of the requested updates SHALL be successfully applied or none of the
|
|||
|
requested SHALL be applied. If all are applied, the server returns an
|
|||
|
endGroupingResponse indicating success. Otherwise, the server returns
|
|||
|
an endGroupingResponse indicating the nature of the failure. If the
|
|||
|
failure is associated with a particular update operation, the message
|
|||
|
ID is returned an attached endGroupingValue. If the failure was not
|
|||
|
associated with any particular update operation, no endGroupingValue
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 3]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
is to be provided.
|
|||
|
|
|||
|
There is no requirement that a server serialize transactions. That
|
|||
|
is, a server MAY process multiple transactions commit requests (from
|
|||
|
one or more clients) acting upon different sets of entries
|
|||
|
concurrently. A server MUST avoid deadlock.
|
|||
|
|
|||
|
|
|||
|
4. Distributed Directory Considerations
|
|||
|
|
|||
|
The LDAP/X.500 models provide for distributed directory operations
|
|||
|
including server-side chaining and client-side chasing of operations.
|
|||
|
|
|||
|
This document does not disallow servers from chaining operations which
|
|||
|
are part of a transaction. However, if a server does allow such
|
|||
|
chaining, it MUST ensure that transaction semantics detailed above are
|
|||
|
provided.
|
|||
|
|
|||
|
This mechanism defined by this document does not support client-side
|
|||
|
chasing. Grouping cookies used to identify the transaction are
|
|||
|
specific to a particular client/server session.
|
|||
|
|
|||
|
The LDAP/X.500 models provide for a single-master/multiple-slave
|
|||
|
replication architecture. This document states no requirement that
|
|||
|
changes made to the directory based upon processing a transaction be
|
|||
|
replicated as one atomic action. That is, the client SHOULD NOT
|
|||
|
assume tight data consistency nor fast data convergence at slave
|
|||
|
servers unless they have prior knowledge that such is provided.
|
|||
|
Though this mechanism could be used to support replication, such use
|
|||
|
is not described in this document.
|
|||
|
|
|||
|
The LDAP/X.500 models do not currently support a multi-master
|
|||
|
replication architecture and, hence, not considered by this
|
|||
|
specification.
|
|||
|
|
|||
|
|
|||
|
5. Security Considerations
|
|||
|
|
|||
|
Transactions mechanisms and related grouping operations may be the
|
|||
|
target of denial of service attacks. Implementors should provide
|
|||
|
safeguards to ensure these mechanisms are not abused.
|
|||
|
|
|||
|
|
|||
|
6. IANA Considerations
|
|||
|
|
|||
|
In accordance with [RFC3383], it is requested that Internet Assigned
|
|||
|
Numbers Authority (IANA) make the following assignments.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 4]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
6.1. Object Identifier
|
|||
|
|
|||
|
An LDAP Object Identifier to identify the grouping type defined in
|
|||
|
this document is requested.
|
|||
|
|
|||
|
The following registration template is suggested:
|
|||
|
|
|||
|
Subject: Request for LDAP Object Identifier Registration
|
|||
|
Person & email address to contact for further information:
|
|||
|
Kurt Zeilenga <kurt@OpenLDAP.org>
|
|||
|
Specification: RFCXXXX
|
|||
|
Author/Change Controller: IESG
|
|||
|
Comments:
|
|||
|
Identifies the LDAP Transactions Grouping Type
|
|||
|
|
|||
|
|
|||
|
6.2. LDAP Protocol Mechanism
|
|||
|
|
|||
|
Registration of the protocol mechanisms defined in this document is
|
|||
|
requested.
|
|||
|
|
|||
|
Subject: Request for LDAP Protocol Mechansism Registration
|
|||
|
|
|||
|
Object Identifier: IANA-ASSIGNED-OID
|
|||
|
Description: LDAP Transaction Grouping Type
|
|||
|
Person & email address to contact for further information:
|
|||
|
Kurt Zeilenga <kurt@openldap.org>
|
|||
|
Usage: Grouping
|
|||
|
Specification: RFCxxxx
|
|||
|
Author/Change Controller: IESG
|
|||
|
Comments: none
|
|||
|
|
|||
|
|
|||
|
7. Acknowledgments
|
|||
|
|
|||
|
The author gratefully acknowledges the contributions made by members
|
|||
|
of the Internet Engineering Task Force.
|
|||
|
|
|||
|
|
|||
|
8. Author's Address
|
|||
|
|
|||
|
Kurt D. Zeilenga
|
|||
|
OpenLDAP Foundation
|
|||
|
<Kurt@OpenLDAP.org>
|
|||
|
|
|||
|
|
|||
|
9. Normative References
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 5]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
[RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate
|
|||
|
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
|||
|
|
|||
|
[RFC2251] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
|
|||
|
Protocol (v3)", RFC 2251, December 1997.
|
|||
|
|
|||
|
[RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
|
|||
|
Protocol (v3): Technical Specification", RFC 3377, September 2002.
|
|||
|
|
|||
|
[GROUP] K. Zeilenga, "LDAP: Grouping of Related Operations",
|
|||
|
draft-zeilenga-ldap-grouping-xx.txt, a work in progress.
|
|||
|
|
|||
|
[X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) - Specification
|
|||
|
of Basic Notation", X.680, 1994.
|
|||
|
|
|||
|
[X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic,
|
|||
|
Canonical, and Distinguished Encoding Rules", X.690, 1994.
|
|||
|
|
|||
|
|
|||
|
10. Informative References
|
|||
|
|
|||
|
[ACID] Section 4 of ISO/IEC 10026-1:1992.
|
|||
|
|
|||
|
[RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
|
|||
|
RFC 3383), September 2002.
|
|||
|
|
|||
|
[X.500] ITU-T, "The Directory: Overview of Concepts, Models, and
|
|||
|
Services", X.500, 1993.
|
|||
|
|
|||
|
[X.501] ITU-T, "The Directory: Models", X.501, 1993.
|
|||
|
|
|||
|
|
|||
|
Copyright 2003, The Internet Society. All Rights Reserved.
|
|||
|
|
|||
|
This document and translations of it may be copied and furnished
|
|||
|
to others, and derivative works that comment on or otherwise explain
|
|||
|
it or assist in its implementation may be prepared, copied, published
|
|||
|
and distributed, in whole or in part, without restriction of any
|
|||
|
kind, provided that the above copyright notice and this paragraph
|
|||
|
are included on all such copies and derivative works. However,
|
|||
|
this document itself may not be modified in any way, such as by
|
|||
|
removing the copyright notice or references to the Internet Society
|
|||
|
or other Internet organizations, except as needed for the purpose
|
|||
|
of developing Internet standards in which case the procedures for
|
|||
|
copyrights defined in the Internet Standards process must be followed,
|
|||
|
or as required to translate it into languages other than English.
|
|||
|
|
|||
|
The limited permissions granted above are perpetual and will not
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 6]
|
|||
|
|
|||
|
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
|||
|
|
|||
|
|
|||
|
be revoked by the Internet Society or its successors or assigns.
|
|||
|
|
|||
|
This document and the information contained herein is provided on
|
|||
|
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
|
|||
|
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
|
|||
|
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
|
|||
|
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
|||
|
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Zeilenga LDAP Transactions [Page 7]
|
|||
|
|