Sync with HEAD

This commit is contained in:
Kurt Zeilenga 2004-03-19 18:11:08 +00:00
parent a07da9fcbb
commit a7e1b43cec
9 changed files with 4598 additions and 3828 deletions

File diff suppressed because it is too large

@ -6,13 +6,13 @@
INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 27 October 2003
Expires in six months 15 February 2004
Obsoletes: 2253
LDAP: String Representation of Distinguished Names
<draft-ietf-ldapbis-dn-12.txt>
<draft-ietf-ldapbis-dn-13.txt>
@ -42,7 +42,7 @@ Status of Memo
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
Please see the Full Copyright section near the end of this document
for more information.
@ -57,7 +57,7 @@ Status of Memo
Zeilenga LDAP: Distinguished Names [Page 1]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
Abstract
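Review bot: the new running header misspells the month as "Febrary" ("INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004"), while the title block in the first hunk gives "15 February 2004". The same header line is repeated on every page of the -13 text, so it needs correcting in each page header, not only here.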
@ -70,13 +70,6 @@ Abstract
names, while being able to represent any distinguished name.
Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
1. Background and Intended Usage
In X.500-based directory systems [X.500], including those accessed
@ -109,27 +102,41 @@ Conventions
from its ASN.1 structured representation to a string, all algorithms
MUST produce strings which adhere to the requirements of Section 3.
Zeilenga LDAP: Distinguished Names [Page 2]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
This document does not define a canonical string representation for
DNs. Comparison of DNs for equality is to be performed in accordance
with the distinguishedNameMatch matching rule [Syntaxes].
This document is an integral part of the LDAP Technical Specification
[Roadmap].
[Roadmap]. This document obsoletes RFC 2253. Changes since RFC 2253
This document obsoletes RFC 2253. Changes since RFC 2253 are
summarized in Appendix B.
This specification assumes familiarity with X.500 [X.500], and the
Zeilenga LDAP: Distinguished Names [Page 2]
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
are summarized in Appendix B.
This specification assumes familiarity with X.500 [X.500] and the
concept of Distinguished Name [X.501][Models].
1.1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
Character names in this document use the notation for code points and
names from the Unicode Standard [Unicode]. For example, the letter
"a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
Note: a glossary of terms used in Unicode can be found in [Glossary].
Information on the Unicode character encoding model can be found in
[CharModel].
2. Converting DistinguishedName from ASN.1 to a String
X.501 [X.501] defines the ASN.1 [X.680] structure of distinguished
@ -148,15 +155,23 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
This section defines the RECOMMENDED algorithm for converting a
distinguished name from an ASN.1 structured representation to an UTF-8
[UTF-8] encoded Universal Character Set (UCS) [ISO10646] character
string representation. Other documents may describe other algorithms
for converting a distinguished name to a string, but only strings
which conform to the grammar defined in Section 3 MUST be produced by
LDAP implementations.
[RFC3629] encoded Unicode [Unicode] character string representation.
Other documents may describe other algorithms for converting a
distinguished name to a string, but only strings which conform to the
grammar defined in Section 3 SHALL be produced by LDAP
implementations.
2.1. Converting the RDNSequence
Zeilenga LDAP: Distinguished Names [Page 3]
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
If the RDNSequence is an empty sequence, the result is the empty or
zero length string.
@ -165,15 +180,8 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
2.2), starting with the last element of the sequence and moving
backwards toward the first.
Zeilenga LDAP: Distinguished Names [Page 3]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
The encodings of adjoining RelativeDistinguishedNames are separated by
a comma ("," U+002C) character.
a comma (',' U+002C) character.
2.2. Converting RelativeDistinguishedName
@ -183,14 +191,14 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
AttributeTypeAndValue (according to Section 2.3), in any order.
Where there is a multi-valued RDN, the outputs from adjoining
AttributeTypeAndValues are separated by a plus sign ("+" U+002B)
AttributeTypeAndValues are separated by a plus sign ('+' U+002B)
character.
2.3. Converting AttributeTypeAndValue
The AttributeTypeAndValue is encoded as the string representation of
the AttributeType, followed by an equals ("=" U+003D) character,
the AttributeType, followed by an equals ('=' U+003D) character,
followed by the string representation of the AttributeValue. The
encoding of the AttributeValue is given in Section 2.4.
@ -210,37 +218,38 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
2.4. Converting an AttributeValue from ASN.1 to a String
If the AttributeType is of the dotted-decimal form, the AttributeValue
is represented by an number sign ("#" U+0023) character followed by
is represented by an number sign ('#' U+0023) character followed by
the hexadecimal encoding of each of the octets of the BER encoding of
the X.500 AttributeValue. This form is also used when the syntax of
the AttributeValue does not have a native string encoding defined for
it or the native string encoding is not restricted to UTF-8 encoded
UCS (or a subset of UCS) characters. This form may also be used in
other cases, such as when a reversible string representation is
desired (see Section 5.2).
Otherwise, if the AttributeValue is of a syntax which has a native
Zeilenga LDAP: Distinguished Names [Page 4]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
string encoding, the value is converted first to a UTF-8 encoded UCS
string according to its syntax specification (see for example Section
6 of [Syntaxes]). If that UTF-8 encoded UCS string does not have any
of the following characters which need escaping, then that string can
be used as the string representation of the value.
the X.500 AttributeValue. This form is also used when the syntax of
the AttributeValue does not have a LDAP-specific [Syntaxes, Section
3.1] string encoding defined for it or the LDAP-specific string
encoding is not restricted to UTF-8 encoded Unicode characters. This
form may also be used in other cases, such as when a reversible string
representation is desired (see Section 5.2).
- a space (" " U+0020) or number sign ("#" U+0023) occurring at
Otherwise, if the AttributeValue is of a syntax which has a
LDAP-specific string encoding, the value is converted first to a UTF-8
encoded Unicode string according to its syntax specification (see
[Syntaxes, Section 3.3] for examples). If that UTF-8 encoded Unicode
string does not have any of the following characters which need
escaping, then that string can be used as the string representation of
the value.
- a space (' ' U+0020) or number sign ('#' U+0023) occurring at
the beginning of the string;
- a space (" " U+0020) character occurring at the end of the
- a space (' ' U+0020) character occurring at the end of the
string;
- one of the characters """, "+", ",", ";", "<", ">", or "\"
- one of the characters '"', '+', ',', ';', '<', '>', or '\'
(U+0022, U+002B, U+002C, U+003B, U+003C, U+003E, or U+005C
respectively);
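Review bot: the rewritten sentences in 2.4 introduce "a LDAP-specific" twice ("does not have a LDAP-specific [Syntaxes, Section 3.1] string encoding" and "a syntax which has a LDAP-specific string encoding"); both should read "an LDAP-specific". The re-quoted first sentence also still carries "an number sign" from -12, which can be fixed to "a number sign" in the same pass.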
@ -253,11 +262,11 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
character. Alternatively, if and only if the character to be escaped
is one of
" ", """, "#", "+", ",", ";", "<", "=", ">", or "\"
' ', '"', '#', '+', ',', ';', '<', '=', '>', or '\'
(U+0020, U+0022, U+0023, U+002B, U+002C, U+003B,
U+003C, U+003D, U+003E, U+005C respectively)
it can be prefixed by a backslash ("\" U+0005C).
it can be prefixed by a backslash ('\' U+0005C).
Examples of the escaping mechanism are shown in Section 4.
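Review bot: the changed line "it can be prefixed by a backslash ('\' U+0005C)" keeps a five-digit code point, while the list directly above it and the earlier list in 2.4 both give the backslash as U+005C. The line is already being touched for the quote style, so correct it to U+005C so that the escape character is identified the same way everywhere.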
@ -265,34 +274,31 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
3. Parsing a String back to a Distinguished Name
The string representation of Distinguished Names is restricted to
UTF-8 [UTF-8] encoded characters from the Universal Character Set
(UCS) [ISO10646]. The structure of this string representation is
specified using the following Augmented BNF [RFC2234] grammar:
distinguishedName = [ relativeDistinguishedName
*( COMMA relativeDistinguishedName ) ]
relativeDistinguishedName = attributeTypeAndValue
*( PLUS attributeTypeAndValue )
attributeTypeAndValue = attributeType EQUALS attributeValue
UTF-8 [RFC3629] encoded Unicode [Unicode] characters. The structure
of this string representation is specified using the following
Zeilenga LDAP: Distinguished Names [Page 5]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
Augmented BNF [RFC2234] grammar:
distinguishedName = [ relativeDistinguishedName
*( COMMA relativeDistinguishedName ) ]
relativeDistinguishedName = attributeTypeAndValue
*( PLUS attributeTypeAndValue )
attributeTypeAndValue = attributeType EQUALS attributeValue
attributeType = descr / numericoid
attributeValue = string / hexstring
; The UTF-8 string shall not contain NULL, ESC, or
; one of escaped, shall not start with SHARP or SPACE,
; and shall must not end with SPACE.
; The following characters are to be escaped when they appear
; in the value to be encoded: ESC, one of <escaped>, leading
; SHARP or SPACE, trailing SPACE, and NULL.
string = [ (leadchar / pair)
[ *( stringchar / pair ) ( trailchar / pair ) ] ]
[ *( stringchar / pair ) ( trailchar / pair ) ] ]
leadchar = LUTF1 / UTFMB
LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
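Review bot: the replacement comment under attributeValue says which characters "are to be escaped when they appear in the value to be encoded" but no longer says that an unescaped occurrence is not allowed in a <string>, which the -12 comment did ("shall not contain NULL, ESC, or one of escaped"). The productions still enforce this (LUTF1 starts at %x01 and skips %x20, %x22 and %x23), so consider adding a clause that a <string> containing these characters unescaped does not match the grammar; someone writing a parser from the comment alone should end up rejecting such input.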
@ -307,13 +313,9 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
%x3D / %x3F-5B / %x5D-7F
pair = ESC ( ESC / special / hexpair )
special = escaped / SPACE / SHARP / EQUALS
escaped = DQUOTE / PLUS / COMMA / SEMI / LANGLE / RANGLE
hexstring = SHARP 1*hexpair
hexpair = HEX HEX
where the productions <descr>, <numericoid>, <COMMA>, <DQUOTE>,
@ -330,16 +332,16 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
appearing in the <string> as follows:
replace <ESC><ESC> with <ESC>;
replace <ESC><special> with <special>;
replace <ESC><hexpair> with the octet indicated by the <hexpair>.
Zeilenga LDAP: Distinguished Names [Page 6]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
replace <ESC><hexpair> with the octet indicated by the <hexpair>.
If in <hexstring> form, a BER representation can be obtained from
converting each <hexpair> of the <hexstring> to the octet indicated by
the <hexpair>.
@ -366,56 +368,53 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
DC domainComponent (0.9.2342.19200300.100.1.25)
UID userId (0.9.2342.19200300.100.1.1)
Implementations MAY recognize other DN string representations
(such as that described in RFC 1779). However, as there is no
requirement that alternative DN string representations to be
recognized (and, if so, how), implementations SHOULD only generate
DN strings in accordance with Section 2 of this document.
Implementations MAY recognize other DN string representations (such as
that described in RFC 1779). However, as there is no requirement that
alternative DN string representations to be recognized (and, if so,
how), implementations SHOULD only generate DN strings in accordance
with Section 2 of this document.
4. Examples
This notation is designed to be convenient for common forms of
name. This section gives a few examples of distinguished names
written using this notation. First is a name containing three
relative distinguished names (RDNs):
This notation is designed to be convenient for common forms of name.
This section gives a few examples of distinguished names written using
this notation. First is a name containing three relative
distinguished names (RDNs):
UID=jsmith,DC=example,DC=net
UID=jsmith,DC=example,DC=net
Here is an example name containing three RDNs, in which the first
RDN is multi-valued:
Here is an example name containing three RDNs, in which the first RDN
is multi-valued:
OU=Sales+CN=J. Smith,DC=example,DC=net
This example shows the method of escaping of a comma in a common
OU=Sales+CN=J. Smith,DC=example,DC=net
Zeilenga LDAP: Distinguished Names [Page 7]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
name:
This example shows the method of escaping of a comma in a common name:
CN=John Smith\, III,DC=example,DC=net
CN=John Smith\, III,DC=example,DC=net
An example name in which a value contains a carriage return
character:
An example name in which a value contains a carriage return character:
CN=Before\0dAfter,DC=example,DC=net
CN=Before\0dAfter,DC=example,DC=net
An example name in which an RDN was of an unrecognized type. The
value is the BER encoding of an OCTET STRING containing two octets
0x48 and 0x69.
An example name in which an RDN was of an unrecognized type. The
value is the BER encoding of an OCTET STRING containing two octets
0x48 and 0x69.
1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
Finally, an example of an RDN commonName value consisting of 5
letters:
Finally, an example of an RDN commonName value consisting of 5
letters:
Unicode Letter Description UCS code UTF-8 Escaped
------------------------------- -------- ------ --------
Unicode Character Code UTF-8 Escaped
------------------------------- ------ ------ --------
LATIN CAPITAL LETTER L U+004C 0x4C L
LATIN SMALL LETTER U U+0075 0x75 u
LATIN SMALL LETTER C WITH CARON U+010D 0xC48D \C4\8D
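Review bot: the re-wrapped paragraph after the attribute type table still reads "there is no requirement that alternative DN string representations to be recognized"; drop the "to" so it reads "representations be recognized", since the paragraph is being reflowed anyway. The rest of the hunk is indentation and page-break movement plus the table header rename, which looks fine.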
@ -444,15 +443,15 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
- the common name of the object (i.e. a person's full name)
- an email or TCP/IP address
- its physical location (country, locality, city, street address)
Zeilenga LDAP: Distinguished Names [Page 8]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
- its physical location (country, locality, city, street address)
- organizational attributes (such as department name or affiliation)
Most countries have privacy laws regarding the publication of
@ -470,9 +469,9 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
For example, a distinguished name consisting of one RDN with one AVA,
in which the type is commonName and the value is of the TeletexString
choice with the letters 'Sam' would be represented in LDAP as the
string CN=Sam. Another distinguished name in which the value is still
'Sam' but of the PrintableString choice would have the same
representation CN=Sam.
string <CN=Sam>. Another distinguished name in which the value is
still 'Sam' but of the PrintableString choice would have the same
representation <CN=Sam>.
Applications which require the reconstruction of the DER form of the
value SHOULD NOT use the string representation of attribute syntaxes
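Review bot: in this example the DN strings are now written <CN=Sam>, but the meaning of the wrapping '<' and '>' is only explained in Appendix A, which says they "are not part of the DN string". A reader of this section could take the brackets as part of the representation, so add a pointer to Appendix A here or state the convention in Section 1.1.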
@ -500,16 +499,15 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
[X.501] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
Zeilenga LDAP: Distinguished Names [Page 9]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
[X.680] International Telecommunication Union -
Telecommunication Standardization Sector, "Abstract
Syntax Notation One (ASN.1) - Specification of Basic
@ -521,9 +519,16 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
[RFC2234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
10646", draft-yergeau-rfc2279bis-xx.txt, a work in
progress.
[RFC3329] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 3329 (also STD 64), November 2003.
[Unicode] The Unicode Consortium, "The Unicode Standard, Version
3.2.0" is defined by "The Unicode Standard, Version 3.0"
(Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
as amended by the "Unicode Standard Annex #27: Unicode
3.1" (http://www.unicode.org/reports/tr27/) and by the
"Unicode Standard Annex #28: Unicode 3.2"
(http://www.unicode.org/reports/tr28/).
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in
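Review bot: the new UTF-8 entry is tagged "[RFC3329]" and cites "RFC 3329", but the body text changed in this same commit cites [RFC3629] (Sections 2 and 3), and the filter draft's reference list gives "RFC 3629, November 2003" for the same title. Correct the tag and number to RFC 3629 so the citations resolve, and re-check the STD number in the same entry while doing so.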
@ -543,11 +548,6 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
draft-ietf-ldapbis-user-schema-xx.txt, a work in
progress.
[ISO10646] International Organization for Standardization,
"Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane", ISO/IEC
10646-1 : 1993.
[REGISTRY] IANA, Object Identifier Descriptors Registry,
<http://www.iana.org/...>.
@ -561,7 +561,7 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
Zeilenga LDAP: Distinguished Names [Page 10]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
[X.500] International Telecommunication Union -
@ -582,6 +582,14 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP", draft-
ietf-ldapbis-bcp64-xx.txt, a work in progress.
[CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
#17, Character Encoding Model", UTR17,
<http://www.unicode.org/unicode/reports/tr17/>, August
2000.
[Glossary] The Unicode Consortium, "Unicode Glossary",
<http://www.unicode.org/glossary/>.
Appendix A. Presentation Issues
@ -601,8 +609,16 @@ Appendix A. Presentation Issues
to users. This section is not comprehensive, it does not discuss all
presentation issues which implementors may face.
Not all user interfaces are capable of displaying the full set of UCS
characters. Some UCS characters are not displayable.
Not all user interfaces are capable of displaying the full set of
Unicode characters. Some Unicode characters are not displayable.
Zeilenga LDAP: Distinguished Names [Page 11]
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
It is recommended that human interfaces use the optional hex pair
escaping mechanism (Section 2.3) to produce a string representation
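Review bot: the context line "use the optional hex pair escaping mechanism (Section 2.3)" points at the section on AttributeTypeAndValue, whereas Appendix B of this draft attributes hex pair escaping to 2.4 ("Updated Section 2.4 to allow hex pair escaping of all characters"). Worth correcting the cross-reference alongside the UCS to Unicode wording change in the paragraph above it.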
@ -612,24 +628,16 @@ Appendix A. Presentation Issues
demonstrated in the final example of Section 4).
When a DN string is displayed in free form text, it is often necessary
Zeilenga LDAP: Distinguished Names [Page 11]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
to distinguish the DN string from surrounding text. While this is
often done with white space (as demonstrated in Section 4), it is
noted that DN strings may end with white space. Careful readers of
Section 3 will note that characters "<" (U+003C) and ">" (U+003E) may
Section 3 will note that characters '<' (U+003C) and '>' (U+003E) may
only appear in the DN string if escaped. These characters are
intended to be used in free form text to distinguish a DN string from
surrounding text. For example, <CN=Sam\ > distinguished the string
representation of the DN comprised of one RDN consisting of the AVA:
the commonName (CN) value "Sam " from the surrounding text. It should
be noted to the user that the wrapping "<" and ">" characters are not
the commonName (CN) value 'Sam ' from the surrounding text. It should
be noted to the user that the wrapping '<' and '>' characters are not
part of the DN string.
DN strings can be quite long. It is often desirable to line-wrap
@ -660,6 +668,14 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
objectClass: person
Zeilenga LDAP: Distinguished Names [Page 12]
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
Appendix B. Changes made since RFC 2253
This appendix is provided for informational purposes only, it is not a
@ -667,15 +683,8 @@ Appendix B. Changes made since RFC 2253
The following substantive changes were made to RFC 2253:
- Removed IESG Note. The IESG Note has been addressed.
- Replaced all references to ISO 10646-1 with [Unicode].
- Clarified (in Section 1) that this document does not define a
Zeilenga LDAP: Distinguished Names [Page 12]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
canonical string representation.
- Revised specification (in Section 2) to allow short names of any
registered attribute type to appear in string representations of
@ -691,8 +700,8 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
- Updated Section 2.3 to indicate attribute type name strings are
case insensitive.
- Updated Section 2.4 to allow hex pair escaping of all characters
and clarified escaping for when multiple octet UTF-8 characters
are present.
and clarified escaping for when multiple octet UTF-8 echodings are
present.
- Rewrote Section 3 to use ABNF as defined in RFC 2234.
- Rewrote Section 3 ABNF to be consistent with 2.4.
- Updated Section 3 to describe how to parse elements of the
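Review bot: the reworded Appendix B item introduces a typo, "multiple octet UTF-8 echodings are present"; it should read "encodings".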
@ -715,6 +724,14 @@ Intellectual Property Rights
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and
Zeilenga LDAP: Distinguished Names [Page 13]
INTERNET-DRAFT draft-ietf-ldapbis-dn-13.txt 15 Febrary 2004
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
@ -724,14 +741,6 @@ Intellectual Property Rights
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
Zeilenga LDAP: Distinguished Names [Page 13]
INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
@ -740,11 +749,11 @@ INTERNET-DRAFT draft-ietf-ldapbis-dn-12.txt 27 October 2003
Full Copyright
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
@ -765,15 +774,6 @@ Full Copyright

@ -1,18 +1,13 @@
Network Working Group M. Smith, Editor
Request for Comments: DRAFT Netscape Communications Corp.
Request for Comments: DRAFT Pearl Crescent, LLC
Obsoletes: RFC 2254 T. Howes
Expires: 25 April 2004 Opsware, Inc.
25 October 2003
Expires: 13 August 2004 Opsware, Inc.
13 February 2004
LDAP: String Representation of Search Filters
<draft-ietf-ldapbis-filter-05.txt>
<draft-ietf-ldapbis-filter-06.txt>
@ -41,7 +36,7 @@ Expires: 25 April 2004 Opsware, Inc.
Revision (ldapbis) Working Group mailing list <ietf-
ldapbis@openldap.org>.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
2. Abstract
@ -57,7 +52,7 @@ Expires: 25 April 2004 Opsware, Inc.
Smith & Howes Intended Category: Standards Track [Page 1]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
3. Table of Contents
@ -74,9 +69,9 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
10. Informative References.........................................8
11. Intellectual Property Rights...................................8
12. Acknowledgments................................................8
13. Authors' Address...............................................8
13. Authors' Addresses.............................................9
14. Full Copyright Statement.......................................9
15. Appendix A: Changes Since RFC 2254.............................9
15. Appendix A: Changes Since RFC 2254.............................10
15.1. Technical Changes...........................................10
15.2. Editorial Changes...........................................10
16. Appendix B: Changes Since Previous Document Revision...........11
@ -113,12 +108,12 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
Smith & Howes Intended Category: Standards Track [Page 2]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
Filter ::= CHOICE {
and [0] SET SIZE (1..MAX) OF Filter,
or [1] SET SIZE (1..MAX) OF Filter,
and [0] SET SIZE (1..MAX) OF filter Filter,
or [1] SET SIZE (1..MAX) OF filter Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
@ -130,9 +125,8 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
SubstringFilter ::= SEQUENCE {
type AttributeDescription,
-- at least one must be present,
-- initial and final can occur at most once
substrings SEQUENCE OF CHOICE {
substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
initial [0] AssertionValue,
any [1] AssertionValue,
final [2] AssertionValue } }
@ -148,7 +142,7 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
dnAttributes [4] BOOLEAN DEFAULT FALSE }
AttributeDescription ::= LDAPString
-- Constrained to attributedescription
-- Constrained to <attributedescription>
-- [Models]
AttributeValue ::= OCTET STRING
@ -158,32 +152,31 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
AssertionValue ::= OCTET STRING
LDAPString ::= OCTET STRING -- UTF-8 encoded,
-- ISO 10646 characters
-- [ISO10646] characters
where the LDAPString above is limited to the UTF-8 encoding [UTF-8]
of the ISO 10646 character set [ISO10646]. The AttributeDescription
is a string representation of the attribute description and is
defined in [Protocol]. The AttributeValue and AssertionValue OCTET
The AttributeDescription is a string representation of the attribute
description and is defined in [Protocol]. The AttributeValue and
AssertionValue OCTET STRING have the form defined in [Syntaxes]. The
Filter is encoded for transmission over a network using the Basic
Encoding Rules defined in [X.690], with simplifications described in
Smith & Howes Intended Category: Standards Track [Page 3]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
STRING have the form defined in [Syntaxes]. The Filter is encoded
for transmission over a network using the Basic Encoding Rules
defined in [ASN.1], with simplifications described in [Protocol].
[Protocol].
6. String Search Filter Definition
The string representation of an LDAP search filter is a string of
UTF-8 encoded ISO 10646-1 characters that is defined by the following
grammar, following the ABNF notation defined in [RFC2234]. The
productions used that are not defined here are defined in section 1.3
(Common ABNF Productions) of [Models] unless otherwise noted. The
filter format uses a prefix notation.
UTF-8[RFC3629] encoded ISO 10646-1 characters that is defined by the
following grammar, following the ABNF notation defined in [RFC2234].
The productions used that are not defined here are defined in section
1.4 (Common ABNF Productions) of [Models] unless otherwise noted.
The filter format uses a prefix notation.
filter = LPAREN filtercomp RPAREN
filtercomp = and / or / not / item
@ -220,16 +213,16 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F
; UTF1SUBSET excludes 0x00 (NUL), LPAREN,
; RPAREN, ASTERISK, and ESC.
EXCLAMATION = %x21 ; exclamation mark ("!")
AMPERSAND = %x26 ; ampersand (or AND symbol) ("&")
Smith & Howes Intended Category: Standards Track [Page 4]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
EXCLAMATION = %x21 ; exclamation mark ("!")
AMPERSAND = %x26 ; ampersand (or AND symbol) ("&")
ASTERISK = %x2A ; asterisk ("*")
COLON = %x3A ; colon (":")
VERTBAR = %x7C ; vertical bar (or pipe) ("|")
@ -264,9 +257,9 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
As indicated by the valueencoding rule, implementations MUST escape
all octets greater than 0x7F that are not part of a valid UTF-8
encoding sequence when they generate a string representation of a
search filter. Implementations SHOULD accept as input a string that
includes invalid UTF-8 octet sequences. This is necessary because RFC
2254 did not clearly define the term "string representation" (and in
search filter. Implementations SHOULD accept as input strings that
are not valid UTF-8 strings. This is necessary because RFC 2254 did
not clearly define the term "string representation" (and in
particular did not mention that the string representation of an LDAP
search filter is a string of UTF-8 encoded ISO 10646-1 characters).
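Review bot: the new wording "Implementations SHOULD accept as input strings that are not valid UTF-8 strings" widens what a parser is asked to accept but does not say how the non-UTF-8 octets are to be interpreted. Generators MUST escape such octets, so one option is to state that on input they are taken as the literal octet values of the assertion value, exactly as if they had been escaped; without that, two implementations can derive different filters from the same input string.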
@ -276,16 +269,16 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
this notation.
(cn=Babs Jensen)
(!(cn=Tim Howes))
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
Smith & Howes Intended Category: Standards Track [Page 5]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
(!(cn=Tim Howes))
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
(o=univ*of*mich*)
(seeAlso=)
@ -303,10 +296,11 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
The second example demonstrates use of a MatchingRuleAssertion form
without a matchingRule.
The third example illustrates the use of the ":dn" notation to
The third example illustrates the use of the ":oid" notation to
indicate that matching rule "2.4.6.8.10" should be used when making
comparisons, and that the attributes of an entry's distinguished name
should be considered part of the entry when evaluating the match.
should be considered part of the entry when evaluating the match
(indicated by the use of ":dn").
The fourth example denotes an equality match, except that DN
components should be considered part of the entry when doing the
@ -332,15 +326,15 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
The first example shows the use of the escaping mechanism to
represent parenthesis characters. The second shows how to represent a
"*" in an assertion value, preventing it from being interpreted as a
substring indicator. The third illustrates the escaping of the
Smith & Howes Intended Category: Standards Track [Page 6]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
substring indicator. The third illustrates the escaping of the
backslash character.
The fourth example shows a filter searching for the four-byte value
@ -366,44 +360,46 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
9. Normative References
[ASN.1] Specification of ASN.1 encoding rules: Basic, Canonical, and
Distinguished Encoding Rules, ITU-T Recommendation X.690, 1994.
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
Connection Level Security Mechanisms", draft-ietf-ldapbis-
authmeth-xx.txt, a work in progress.
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
Connection Level Security Mechanisms", draft-ietf-ldapbis-authmeth-
xx.txt, a work in progress.
[ISO10646] Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane, ISO/IEC 10646-1,
1993.
[ISO10646] Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane, ISO/IEC 10646-1, 1993.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information Models",
draft-ietf-ldapbis-models-xx.txt, a work in progress.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information Models",
draft-ietf-ldapbis-models-xx.txt, a work in progress.
[Protocol] draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft-
ietf-ldapbis-protocol-xx.txt, a work in progress.
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 3629, November 2003.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
Smith & Howes Intended Category: Standards Track [Page 7]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[Syntaxes] Dally, K. (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
syntaxes-xx.txt, a work in progress.
[Syntaxes] Dally, K. (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
syntaxes-xx.txt, a work in progress.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
draft-yergeau-rfc2279bis-xx.txt, a work in progress.
[X.690] Specification of ASN.1 encoding rules: Basic, Canonical, and
Distinguished Encoding Rules, ITU-T Recommendation X.690,
1994.
10. Informative References
@ -441,23 +437,25 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
acknowledged.
13. Authors' Address
Mark Smith, Editor
Smith & Howes Intended Category: Standards Track [Page 8]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
Netscape Communications Corp.
360 W. Caribbean Drive
Sunnyvale, CA 94089
13. Authors' Addresses
Mark Smith, Editor
Pearl Crescent, LLC
447 Marlpool Dr.
Saline, MI 48176
USA
+1 650 937-3477
MarkCSmithWork@aol.com
+1 734 944-2856
mcs@pearlcrescent.com
Tim Howes
Opsware, Inc.
@ -469,7 +467,7 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
14. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
@ -496,18 +494,17 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
15. Appendix A: Changes Since RFC 2254
Smith & Howes Intended Category: Standards Track [Page 9]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
15. Appendix A: Changes Since RFC 2254
15.1. Technical Changes
The following technical changes were made to the contents of the
@ -554,16 +551,16 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
"Abstract" section: separated from introductory material.
"Introduction" section: new section; separated from the Abstract.
Updated second paragraph to indicate that RFC 2254 is replaced by
Smith & Howes Intended Category: Standards Track [Page 10]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
"Introduction" section: new section; separated from the Abstract.
Updated second paragraph to indicate that RFC 2254 is replaced by
this document (instead of RFC 1960). Added reference to the [Roadmap]
document.
@ -579,8 +576,9 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
"Examples" section: added four additional examples: (seeAlso=),
(cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), and
(1.3.6.1.4.1.1466.0=\04\02\48\69). Replaced one occurrence of "a
value" with "an assertion value".
(1.3.6.1.4.1.1466.0=\04\02\48\69). Replaced one occurrence of "a
value" with "an assertion value". Corrected the description of this
example: (sn:dn:2.4.6.8.10:=Barney Rubble).
"Security Considerations" section: added references to [Protocol] and
[AuthMeth].
@ -604,54 +602,51 @@ INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
16. Appendix B: Changes Since Previous Document Revision
This appendix lists all changes relative to the previously published
revision, draft-ietf-ldapbis-filter-04.txt. Note that when
revision, draft-ietf-ldapbis-filter-05.txt. Note that when
appropriate these changes are also included in Appendix A, but are
also included here for the benefit of the people who have already
reviewed draft-ietf-ldapbis-filter-04.txt. This section will be
reviewed draft-ietf-ldapbis-filter-05.txt. This section will be
removed before this document is published as an RFC.
Smith & Howes Intended Category: Standards Track [Page 11]
INTERNET-DRAFT LDAP: String Repres. of Search Filters 25 October 2003
INTERNET-DRAFT LDAP: String Repres. of Search Filters 13 February 2004
16.1. Technical Changes
"Examples" section: Removed the (:=Fred Flintstone) example which is
not allowed by the protocol.
None.
16.2. Editorial Changes
"String Search Filter Definition" section: Revised the last two
sentences in this section to improve clarity (the updated text now
begins with the text "Implementations SHOULD accept as input a string
that includes...."
"LDAP Search Filter Definition" section: changed the LDAPv3 search
filter ABNF so it matches that used in the latest revision of
[Protocol] and removed the following redundant descriptive text:
"where the LDAPString above is limited to the UTF-8 encoding [UTF-8]
of the ISO 10646 character set [ISO10646]."
Replaced all occurrences of "asterix" with the correctly spelled
"asterisk."
"String Search Filter Definition" section: Corrected section
reference to [Models] and replaced this sentence: "Implementations
SHOULD accept as input a string that includes invalid UTF-8 octet
sequences." with the following: "Implementations SHOULD accept as
input strings that are not valid UTF-8 strings."
"Examples" section: Corrected the description of this example:
(sn:dn:2.4.6.8.10:=Barney Rubble).
"Normative References" section: changed UTF-8 reference to point to
the UTF-8 Internet Draft.
"Intellectual Property Rights" section: added.
Author's Addresses section: New email address for Mark Smith.
"Full Copyright Statement" section: updated text to match latest IETF
guidelines.
This Internet Draft expires on 25 April 2004.
RFC 3629, replaced [ASN.1] with [X.690] for consistency, and indented
the reference descriptions to enhance readability.
Authors' Addresses section: New contact information for Mark Smith.
Updated the copyright year to 2004.
This Internet Draft expires on 13 August 2004.
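Review bot: the 16.2 entry for the "String Search Filter Definition" section records a reworded normative sentence ("a string that includes invalid UTF-8 octet sequences" becoming "strings that are not valid UTF-8 strings") while 16.1 reads "None." Please confirm the rewording is purely editorial. The SHOULD governs what a filter parser accepts as input, so if the set of accepted strings changes at all, the entry belongs under Technical Changes.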
@ -673,3 +668,4 @@ This Internet Draft expires on 25 April 2004.
Smith & Howes Intended Category: Standards Track [Page 12]

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -6,13 +6,14 @@
INTERNET-DRAFT Editor: Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 30 June 2003
Expires in six months 15 February 2004
Obsoletes: RFC 2251-2256, 2829-2830, 3377
LDAP: Technical Specification Road Map
<draft-ietf-ldapbis-roadmap-03.txt>
Lightweight Directory Access Protocol (LDAP):
Technical Specification Road Map
<draft-ietf-ldapbis-roadmap-04.txt>
Status of this Memo
@ -39,7 +40,7 @@ Status of this Memo
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
Please see the Full Copyright section near the end of this document
for more information.
@ -54,10 +55,9 @@ Abstract
Zeilenga LDAP: TS Road Map [Page 1]
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-04 15 February 2004
Conventions
@ -73,8 +73,8 @@ Conventions
Directory Access Protocol (LDAP), an Internet Protocol, consists of
this document and the following documents:
LDAP: Directory Information Models [Models],
LDAP: The Protocol [Protocol],
LDAP: Directory Information Models [Models],
LDAP: Authentication Methods and Connection Level Security
Mechanisms [AuthMeth],
LDAP: String Representation of Distinguished Names [LDAPDN],
@ -113,7 +113,7 @@ Conventions
Zeilenga LDAP: TS Road Map [Page 2]
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-04 15 February 2004
This technical specification explicitly incorporates portions of
@ -130,7 +130,7 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
This technical specification, as defined in Section 1, obsoletes
entirely the previously defined LDAP technical specification [RFC3377]
(which consists of RFC 2251-2256, RFC 2829-2830 and [RFC3377] itself).
(which consists of RFC 2251-2256, RFC 2829-2830 and RFC 3377 itself).
The technical specification was significantly reorganized.
This document replaces RFC 3377 as well as Section 3.3 of RFC 2251.
@ -149,6 +149,11 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
A.1 of this document details changes made to RFC 3377. Appendix A.2
of this document details changes made to Section 3.3 of RFC 2251.
Additionally, portions of this technical specification update and/or
replace documents not listed above. These relationships are discussed
in the documents detailings these portions of this technical
specification.
5. Acknowledgments
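Review bot: typo in the added paragraph, "in the documents detailings these portions" should read "in the documents detailing these portions". The paragraph also says these relationships cover "documents not listed above" without naming any of them. Naming the affected documents here would make the obsoletes/updates relationships checkable from the road map alone.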
@ -160,16 +165,17 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
This document is a product of the IETF LDAPBIS Working Group.
6. Author's Address
Kurt Zeilenga
E-mail: <kurt@openldap.org>
Zeilenga LDAP: TS Road Map [Page 3]
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-04 15 February 2004
6. Author's Address
Kurt Zeilenga
E-mail: <kurt@openldap.org>
7. References
@ -182,13 +188,13 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP", draft-
ietf-ldapbis-bcp64-xx.txt, a work in progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
Models", draft-ietf-ldapbis-models-xx.txt, a work in
progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol",
draft-ietf-ldapbis-protocol-xx.txt, a work in progress.
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods and
Connection Level Security Mechanisms",
draft-ietf-ldapbis-authmeth-xx.txt, a work in progress.
@ -208,26 +214,25 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
[LDAPprep] Zeilenga, K., "LDAP: Internationalized String
Preparation", draft-ietf-ldapbis-strpro-xx.txt, a work
Preparation", draft-ietf-ldapbis-strprep-xx.txt, a work
in progress.
[Schema] Dally, K. (editor), "LDAP: User Schema",
draft-ietf-ldapbis-user-schema-xx.txt, a work in
progress.
[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Overview of concepts, models and services,"
X.500(1993) (also ISO/IEC 9594-1:1994).
Zeilenga LDAP: TS Road Map [Page 4]
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-04 15 February 2004
[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Overview of concepts, models and services,"
X.500(1993) (also ISO/IEC 9594-1:1994).
[X.501] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Models," X.501(1993) (also ISO/IEC 9594-2:1994).
@ -271,19 +276,19 @@ Intellectual Property Rights
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
Zeilenga LDAP: TS Road Map [Page 5]
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
INTERNET-DRAFT draft-ietf-ldapbis-roadmap-04 15 February 2004
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such proprietary
rights by implementors or users of this specification can be obtained
from the IETF Secretariat.
@ -298,11 +303,11 @@ INTERNET-DRAFT draft-ietf-ldapbis-roadmap-03 30 June 2003
Full Copyright
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
@ -327,11 +332,6 @@ Full Copyright

View File

@ -6,12 +6,12 @@
Internet-Draft Kurt D. Zeilenga
Intended Category: Standard Track OpenLDAP Foundation
Expires in six months 27 October 2003
Expires in six months 15 February 2004
LDAP: Internationalized String Preparation
<draft-ietf-ldapbis-strprep-02.txt>
<draft-ietf-ldapbis-strprep-03.txt>
Status of this Memo
@ -37,7 +37,7 @@ Status of this Memo
Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
Please see the Full Copyright section near the end of this document
for more information.
@ -47,7 +47,7 @@ Abstract
The previous Lightweight Directory Access Protocol (LDAP) technical
specifications did not precisely define how character string matching
is to be performed. This lead to a number of usability and
is to be performed. This led to a number of usability and
interoperability problems. This document defines string preparation
algorithms for character-based matching rules defined for use in LDAP.
@ -57,7 +57,7 @@ Abstract
Zeilenga LDAPprep [Page 1]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
Conventions
@ -106,21 +106,21 @@ Conventions
"X.520: Selected attribute types" [X.520] provides (amongst other
things) value syntaxes and matching rules for comparing values
commonly used in the Directory. These specifications are inadequate
for strings composed of characters from the Universal Character Set
(UCS) [ISO10646], a superset of Unicode [Unicode].
for strings composed of Unicode [Unicode] characters.
Zeilenga LDAPprep [Page 2]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
The caseIgnoreMatch matching rule [X.520], for example, is simply
defined as being a case insensitive comparison where insignificant
spaces are ignored. For printableString, there is only one space
character and case mapping is bijective, hence this definition is
sufficient. However, for UCS-based string types such as
sufficient. However, for Unicode string types such as
universalString, this is not sufficient. For example, a case
insensitive matching implementation which folded lower case characters
to upper case would yield different different results than an
@ -169,7 +169,7 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Zeilenga LDAPprep [Page 3]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
6) Insignificant Character Removal
@ -225,7 +225,7 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Zeilenga LDAPprep [Page 4]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
2.1. Transcode
@ -263,6 +263,8 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
with Separator (space, line, or paragraph) property (e.g, Zs, Zl, or
Zp) are mapped to SPACE (U+0020).
Appendix B provides a table detailing the above mappings.
For case ignore, numeric, and stored prefix string matching rules,
characters are case folded per B.2 of [StringPrep].
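Review bot: the added sentence "Appendix B provides a table detailing the above mappings." is ambiguous, because the draft already has "Appendix B. Additional Teletex (T.61) to Unicode Tables" and the new table is headed "Appendix B -- Mapping Table". Give the new table its own appendix letter and update this sentence to match.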
@ -277,11 +279,9 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Zeilenga LDAPprep [Page 5]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
2.4. Prohibit
@ -289,6 +289,10 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
All Unassigned code points are prohibited. Unassigned code points are
listed in Table A.1 of [StringPrep].
Characters which, per Section 5.8 of [Stringprep], change display
properties or are deprecated are prohibited. These characters are are
listed in Table C.8 of [StringPrep].
Private Use (U+E000-F8FF, F0000-FFFFD, 100000-10FFFD) code points are
prohibited.
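Review bot: the added paragraph has a doubled word ("These characters are are listed") and cites the same document under two labels, "[Stringprep]" in its first sentence and "[StringPrep]" in its second. Use the label the surrounding text uses ("[StringPrep]") in both places so the citation resolves to the one reference entry.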
@ -302,44 +306,41 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
The REPLACEMENT CHARACTER (U+FFFD) code point is prohibited.
The first code point of a string is prohibited from being a combining
character.
The step fails if the input string contains any prohibited code point.
The output is the input string.
Otherwise, the output is the input string.
2.5. Check bidi
There are no bidirectional restrictions. The output is the input
string.
This step fails if the input string does not conform to the the
bidirectional character restrictions detailed in 6 of [Stringprep].
Otherwise, the output is the input string.
2.5. Insignificant Character Removal
2.6. Insignificant Character Removal
In this step, characters insignificant to the matching rule are to be
removed. The characters to be removed differ from matching rule to
matching rule.
Section 2.5.1 applies to case ignore and exact string matching.
Section 2.5.2 applies to numericString matching.
Section 2.5.3 applies to telephoneNumber matching
Section 2.6.1 applies to case ignore and exact string matching.
Section 2.6.2 applies to numericString matching.
Section 2.6.3 applies to telephoneNumber matching.
2.5.1. Insignificant Space Removal
2.6.1. Insignificant Space Removal
For the purposes of this section, a space is defined to be the SPACE
(U+0020) code point followed by no combining marks.
NOTE - The previous steps ensure that the string cannot contain any
Zeilenga LDAPprep [Page 6]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
NOTE - The previous steps ensure that the string cannot contain any
code points in the separator class, other than SPACE (U+0020).
If the input string consists entirely of spaces or is empty, the
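Review bot: the new 2.5 text has a doubled word ("conform to the the bidirectional character restrictions") and an incomplete cross-reference ("detailed in 6 of [Stringprep]", which should read "Section 6 of [StringPrep]" to match the label used elsewhere). Section 2.5 changes from "There are no bidirectional restrictions" to a step that can fail, so check that any earlier text describing which preparation steps may fail is updated to include it.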
@ -363,7 +364,7 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
"<SPACE>".
2.5.2. numericString Insignificant Character Removal
2.6.2. numericString Insignificant Character Removal
For the purposes of this section, a space is defined to be the SPACE
(U+0020) code point followed by no combining marks.
@ -383,19 +384,19 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
"<SPACE>".
2.5.3. telephoneNumber Insignificant Character Removal
2.6.3. telephoneNumber Insignificant Character Removal
For the purposes of this section, a hyphen is defined to be
HYPHEN-MINUS (U+002D), ARMENIAN HYPHEN (U+058A), HYPHEN (U+2010),
NON-BREAKING HYPHEN (U+2011), MINUS SIGN (U+2212), SMALL HYPHEN-MINUS
Zeilenga LDAPprep [Page 7]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
NON-BREAKING HYPHEN (U+2011), MINUS SIGN (U+2212), SMALL HYPHEN-MINUS
(U+FE63), or FULLWIDTH HYPHEN-MINUS (U+FF0D) code point followed by no
combining marks and a space is defined to be the SPACE (U+0020) code
point followed by no combining marks.
@ -443,16 +444,18 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
6. Author's Address
Kurt Zeilenga
Zeilenga LDAPprep [Page 8]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
E-mail: <kurt@openldap.org>
Kurt D. Zeilenga
OpenLDAP Foundation
Email: Kurt@OpenLDAP.org
7. References
@ -473,11 +476,6 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
[Syntaxes] Legg, S. (editor), "LDAP: Syntaxes and Matching Rules",
draft-ietf-ldapbis-syntaxes-xx.txt, a work in progress.
[ISO10646] International Organization for Standardization,
"Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane", ISO/IEC
10646-1 : 1993.
[Unicode] The Unicode Consortium, "The Unicode Standard, Version
3.2.0" is defined by "The Unicode Standard, Version 3.0"
(Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5),
@ -500,16 +498,16 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Character Sets for the International Teletex Service",
T.61, 1988.
7.2. Informative References
Zeilenga LDAPprep [Page 9]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
7.2. Informative References
[X.500] International Telecommunication Union -
Telecommunication Standardization Sector, "The Directory
-- Overview of concepts, models and services,"
@ -556,17 +554,16 @@ Appendix A. Teletex (T.61) to Unicode
The codes from x80 to x9f are also equivalent to the corresponding
Unicode code points. This is specified for completeness only, as
these codes are control characters, and will be mapped to nothing in
the LDAP String Preparation Mapping step.
Zeilenga LDAPprep [Page 10]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
these codes are control characters, and will be mapped to nothing in
the LDAP String Preparation Mapping step.
The remaining T.61 codes are mapped below in Table A.1. Table
positions marked "??" are undefined.
@ -613,15 +610,16 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Appendix B. Additional Teletex (T.61) to Unicode Tables
All of the accented characters in T.61 have a corresponding code point
in Unicode. For the sake of completeness, the combined character
Zeilenga LDAPprep [Page 11]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
All of the accented characters in T.61 have a corresponding code point
in Unicode. For the sake of completeness, the combined character
codes are presented in the following tables. This is informational
only; for matching purposes it is sufficient to map the non-spacing
accent and exchange the order of the character pair as specified in
@ -668,16 +666,16 @@ B.3. Combinations for xc2: (Acute accent)
C, L, N, R, S, and Z. Unicode also defines G, K, M, P, and W. All of
these combinations are present in Table B.3.
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
--+------+------+------+------+------+------+------+------+
Zeilenga LDAPprep [Page 12]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
--+------+------+------+------+------+------+------+------+
40| ?? | 00c1 | ?? | 0106 | ?? | 00c9 | ?? | 01f4 |
48| ?? | 00cd | ?? | 1e30 | 0139 | 1e3e | 0143 | 00d3 |
50| 1e54 | ?? | 0154 | 015a | ?? | 00da | ?? | 1e82 |
@ -724,16 +722,16 @@ B.5. Combinations for xc4: (Tilde)
58| ?? | 1ef8 | ?? | ?? | ?? | ?? | ?? | ?? |
60| ?? | 00e3 | ?? | ?? | ?? | 1ebd | ?? | ?? |
68| ?? | 0129 | ?? | ?? | ?? | ?? | 00f1 | 00f5 |
70| ?? | ?? | ?? | ?? | ?? | 0169 | 1e7d | ?? |
78| ?? | 1ef9 | ?? | ?? | ?? | ?? | ?? | ?? |
Zeilenga LDAPprep [Page 13]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
70| ?? | ?? | ?? | ?? | ?? | 0169 | 1e7d | ?? |
78| ?? | 1ef9 | ?? | ?? | ?? | ?? | ?? | ?? |
--+------+------+------+------+------+------+------+------+
Table B.5: Mapping of T.61 Tilde Accent Combinations
@ -780,16 +778,16 @@ B.7. Combinations for xc6: (Breve)
Table B.7: Mapping of T.61 Breve Accent Combinations
B.8. Combinations for xc7: (Dot Above)
Zeilenga LDAPprep [Page 14]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
B.8. Combinations for xc7: (Dot Above)
T.61 has predefined characters for C, E, G, I, and Z. Unicode also
defines A, O, B, D, F, H, M, N, P, R, S, T, W, X, and Y. All of these
combinations are present in Table B.8.
@ -836,16 +834,16 @@ B.10. Combinations for xca: (Ring Above)
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
--+------+------+------+------+------+------+------+------+
40| ?? | 00c5 | ?? | ?? | ?? | ?? | ?? | ?? |
48| ?? | ?? | ?? | ?? | ?? | ?? | ?? | ?? |
50| ?? | ?? | ?? | ?? | ?? | 016e | ?? | ?? |
Zeilenga LDAPprep [Page 15]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
48| ?? | ?? | ?? | ?? | ?? | ?? | ?? | ?? |
50| ?? | ?? | ?? | ?? | ?? | 016e | ?? | ?? |
58| ?? | ?? | ?? | ?? | ?? | ?? | ?? | ?? |
60| ?? | 00e5 | ?? | ?? | ?? | ?? | ?? | ?? |
68| ?? | ?? | ?? | ?? | ?? | ?? | ?? | ?? |
@ -892,16 +890,16 @@ B.12. Combinations for xcd: (Double Acute Accent)
B.13. Combinations for xce: (Ogonek)
T.61 has predefined characters for A, E, I, and U. Unicode also
defines the combination for O. All of these combinations are present
Zeilenga LDAPprep [Page 16]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
T.61 has predefined characters for A, E, I, and U. Unicode also
defines the combination for O. All of these combinations are present
in Table B.13.
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
@ -938,6 +936,48 @@ B.14. Combinations for xcf: (Caron)
Table B.14: Mapping of T.61 Caron Accent Combinations
Appendix B -- Mapping Table
Input Output
----- ------
0000-0008
0009-000D 0020
000E-001F
007F-009F
0085 0020
00A0 0020
00AD
034F
Zeilenga LDAPprep [Page 17]
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
06DD
070F
1680 0020
1806
180B-180E
2000-200A 0020
200B-200F
2028-2029 0020
202A-202E
202F 0020
205F 0020
2060-2063
206A-206F
3000 0020
FEFF
FF00-FE0F
FFF9-FFFC
1D173-1D17A
E0001
E0020-E007F
Intellectual Property Rights
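Review bot: two rows of the new mapping table are not well formed. "FF00-FE0F" has a start above its end (the variation selector block is FE00-FE0F), and "007F-009F" (mapped to nothing) overlaps the following row "0085 0020" (mapped to SPACE). Implementations that build their tables from this appendix would disagree on U+0085 and on the variation selectors, which in turn changes which strings match. Suggest splitting the control range around U+0085 and correcting the descending range.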
@ -948,14 +988,6 @@ Intellectual Property Rights
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and
Zeilenga LDAPprep [Page 17]
Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
@ -973,11 +1005,18 @@ Internet-Draft draft-ietf-ldapbis-strprep-02 27 October 2003
Full Copyright
Copyright (C) The Internet Society (2003). All Rights Reserved.
Zeilenga LDAPprep [Page 18]
Internet-Draft draft-ietf-ldapbis-strprep-03 15 February 2004
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
@ -1007,5 +1046,22 @@ Full Copyright
Zeilenga LDAPprep [Page 18]
Zeilenga LDAPprep [Page 19]

View File

@ -1,19 +1,15 @@
Network Working Group Mark Smith, Editor
Request for Comments: DRAFT Netscape Communications Corp.
Request for Comments: DRAFT Pearl Crescent, LLC
Obsoletes: RFC 2255 Tim Howes
Expires: 25 April 2004 Opsware, Inc.
Expires: 13 August 2004 Opsware, Inc.
25 October 2003
13 February 2004
LDAP: Uniform Resource Locator
<draft-ietf-ldapbis-url-04.txt>
<draft-ietf-ldapbis-url-05.txt>
@ -42,7 +38,7 @@ Expires: 25 April 2004 Opsware, Inc.
Revision (ldapbis) Working Group mailing list <ietf-
ldapbis@openldap.org>.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
2. Abstract
@ -57,7 +53,7 @@ Copyright (C) The Internet Society (2003). All Rights Reserved.
Smith & Howes Intended Category: Standards Track [Page 1]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
3. Table of Contents
@ -66,16 +62,16 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
2. Abstract.......................................................1
3. Table of Contents..............................................2
4. Introduction...................................................2
5. URL Definition.................................................2
5.1. Escaping Using the Method.................................4
5. URL Definition.................................................3
5.1. Escaping Using the % Method.................................4
6. Defaults for Fields of the LDAP URL............................5
7. Examples.......................................................6
8. Security Considerations........................................8
7. Examples.......................................................5
8. Security Considerations........................................7
9. Normative References...........................................8
10. Informative References.........................................9
11. Intellectual Property Rights...................................9
12. Acknowledgements...............................................10
13. Authors' Address...............................................10
13. Authors' Addresses.............................................10
14. Full Copyright Statement.......................................11
15. Appendix A: Changes Since RFC 2255.............................11
15.1. Technical Changes...........................................11
@ -105,17 +101,20 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
The key words "MUST", "MAY", and "SHOULD" used in this document are
to be interpreted as described in [RFC2119].
5. URL Definition
An LDAP URL begins with the protocol prefix "ldap" and is defined by
Smith & Howes Intended Category: Standards Track [Page 2]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
5. URL Definition
An LDAP URL begins with the protocol prefix "ldap" and is defined by
the following grammar, following the ABNF notation defined in
[RFC2234].
@ -140,7 +139,7 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
exvalue = <LDAPString from section 4.1.2 of [Protocol]>
; see the "Escaping Using the % Method" section below.
oid = <LDAPOID from section 4.1.2 of [Protocol]>
oiddescr = <name from section 3.3 of [RFC3383]>
oiddescr = <name from section 3.3 of [LDAPIANA]>
EXCLAMATION = %x21 ; exclamation mark ("!")
ASTERISK = %x2A ; asterisk ("*")
@ -162,16 +161,15 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
be returned from the entry or entries. Individual attrdesc names are
as defined for AttributeDescription in [Protocol].
The scope construct is used to specify the scope of the search to
perform in the given LDAP server. The allowable scopes are "base"
Smith & Howes Intended Category: Standards Track [Page 3]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
The scope construct is used to specify the scope of the search to
perform in the given LDAP server. The allowable scopes are "base"
for a base object search, "one" for a one-level search, or "sub" for
a subtree search.
@ -190,24 +188,17 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
character (ASCII 33) is critical. An extension not prefixed with a
'!' character is non-critical.
If an extension is supported by the client, the client MUST obey the
extension if the extension is critical. The client SHOULD obey
supported extensions that are non-critical.
If an extension is unsupported by the client, the client MUST NOT
process the URL if the extension is critical. If an unsupported
extension is non-critical, the client MUST ignore the extension.
If a critical extension cannot be processed successfully by the
client, the client MUST NOT process the URL. If a non-critical
extension cannot be processed successfully by the client, the client
SHOULD ignore the extension.
If an LDAP URL extension is recognized by an implementation, the
implementation MUST make use of it. If an extension is not
recognized and is marked critical, the implementation MUST NOT
process the URL. If an extension is not recognized and it not marked
critical, the implementation MUST ignore the extension.
The extension type (extype) MAY be specified using the oid form
(e.g., 1.2.3.4) or the oiddesc form (e.g., myLDAPURLExtension). Use
of the oiddesc form SHOULD be restricted to registered object
identifier descriptive names. See [RFC3383] for registration details
and usage guidelines for descriptive names.
identifier descriptive names. See [LDAPIANA] for registration
details and usage guidelines for descriptive names.
No LDAP URL extensions are defined in this document. Other documents
or a future version of this document MAY define one or more
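Review bot: the replacement paragraph on extension handling has a typo in its last sentence ("and it not marked critical" should read "and is not marked critical"), and it no longer says what happens when a recognized extension cannot be processed successfully. The removed text stated that "If a critical extension cannot be processed successfully by the client, the client MUST NOT process the URL"; with only "MUST make use of it" remaining, a recognized critical extension that fails during processing has no stated fail-closed outcome. Suggest keeping one sentence to that effect, reworded in the new "implementation" and "recognized" terms.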
@ -218,22 +209,21 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
A generated LDAP URL MUST consist only of the restricted set of
characters included in the uric production that is defined in section
2 of [RFC2396]. Implementations SHOULD accept other valid UTF-8
strings [UTF-8] as input. An octet MUST be escaped using the %
strings [RFC3629] as input. An octet MUST be escaped using the %
method described in section 2.4 of [RFC2396] in any of these
Smith & Howes Intended Category: Standards Track [Page 4]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
situations:
The octet is not in the reserved set defined in section 2.2 of
[RFC2396] or in the unreserved set defined in section 2.3 of
[RFC2396].
Smith & Howes Intended Category: Standards Track [Page 4]
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
It is the single Reserved character '?' and occurs inside a dn,
filter, or other element of an LDAP URL.
@ -244,7 +234,7 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
Some fields of the LDAP URL are optional, as described above. In the
absence of any other specification, the following general defaults
SHOULD be used when a field is absent. Note: other documents MAY
specify different defaulting rules; for example, section 4.1.11 of
specify different defaulting rules; for example, section 4.1.10 of
[Protocol] specifies a different rule for determining the correct DN
to use when it is absent in an LDAP URL that is returned as a
referral.
@ -274,6 +264,12 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
If extensions is omitted, no extensions are assumed.
7. Examples
The following are some example LDAP URLs using the format defined
above. The first example is an LDAP URL referring to the University
of Michigan entry, available from an LDAP server of the client's
choosing:
@ -281,16 +277,9 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
Smith & Howes Intended Category: Standards Track [Page 5]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
7. Examples
The following are some example LDAP URLs using the format defined
above. The first example is an LDAP URL referring to the University
of Michigan entry, available from an LDAP server of the client's
choosing:
ldap:///o=University%20of%20Michigan,c=US
The next example is an LDAP URL referring to the University of
@ -332,23 +321,26 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
the LDAP entry named "o=Question?,c=US" is given below, illustrating
the use of the escaping mechanism on the reserved character '?'.
ldap://ldap2.example.com/o=Question%3f,c=US?mail
The next example (which is broken into two lines for readability)
illustrates the interaction between the LDAP string representation of
filters quoting mechanism and URL quoting mechanisms.
Smith & Howes Intended Category: Standards Track [Page 6]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
ldap://ldap2.example.com/o=Question%3f,c=US?mail
ldap://ldap3.example.com/o=Babsco,c=US
???(four-octet=%5c00%5c00%5c00%5c04)
The next example illustrates the interaction between the LDAP string
representation of filters quoting mechanism and URL quoting
mechanisms.
ldap://ldap3.example.com/o=Babsco,c=US???(four-octet=%5c00%5c00%5c00%5c04)
IP The filter in this example uses the LDAP escaping mechanism of \
to encode three zero or null bytes in the value. In LDAP, the filter
The filter in this example uses the LDAP escaping mechanism of \ to
encode three zero or null bytes in the value. In LDAP, the filter
would be written as (four-octet=\00\00\00\04). Because the \
character must be escaped in a URL, the \'s are escaped as %5c in the
URL encoding.
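Review bot: the example URL that is now on a single line, ldap://ldap3.example.com/o=Babsco,c=US???(four-octet=%5c00%5c00%5c00%5c04), is 74 characters before any indentation, which exceeds the 72-column line limit for Internet-Draft text. Suggest keeping the two-line form together with the "(which is broken into two lines for readability)" remark, which also tells readers that the line break is not part of the URL.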
@ -388,19 +380,18 @@ name extension (the value associated with the extension is an LDAP DN).
the e-bindname extension.
8. Security Considerations
General URL security considerations discussed in [RFC2396] are
relevant for LDAP URLs.
Smith & Howes Intended Category: Standards Track [Page 7]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
8. Security Considerations
General URL security considerations discussed in [RFC2396] are
relevant for LDAP URLs.
The use of security mechanisms when processing LDAP URLs requires
particular care, since clients may encounter many different servers
via URLs, and since URLs are likely to be processed automatically,
@ -443,50 +434,50 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
9. Normative References
[LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods",
draft-ietf-ldapbis-authmeth-xx.txt, a work in progress. a
work in progress.
[LDAPDN] Zeilenga, K. (editor), "LDAP: String Representation of
Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
Smith & Howes Intended Category: Standards Track [Page 8]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work in
progress.
in progress.
[Filters] Smith, M. and Howes, T., "LDAP: String Representation of
Search Filters", draft-ietf-ldapbis-filter-xx.txt, a work in
progress.
[Filters] Smith, M. and Howes, T., "LDAP: String Representation of
Search Filters", draft-ietf-ldapbis-filter-xx.txt, a work in
progress.
[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
Requirement Levels," RFC 2119, BCP 14, March 1997.
[LDAPIANA] Zeilenga, K., "IANA Considerations for LDAP", draft-ietf-
ldapbis-bcp64-xx.txt, a work in progress.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft-
ietf-ldapbis-protocol-xx.txt, a work in progress.
[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
Requirement Levels," RFC 2119, BCP 14, March 1997.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft-ietf-
ldapbis-protocol-xx.txt, a work in progress.
[RFC2396] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[RFC2732] Hinden, R., Carpenter, B., Masinter, L., "Format for
Literal IPv6 Addresses in URL's", RFC 2732, December 1999.
[RFC2396] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.
[RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
Considerations for the Lightweight Directory Access Protocol
(LDAP)", RFC 3383, September 2002.
[RFC2732] Hinden, R., Carpenter, B., Masinter, L., "Format for Literal
IPv6 Addresses in URL's", RFC 2732, December 1999.
[AuthMeth] Harrison, R. (editor), "LDAP: Authentication Methods",
draft-ietf-ldapbis-authmeth-xx.txt, a work in progress. a work in
progress.
[Roadmap] K. Zeilenga (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[Roadmap] K. Zeilenga (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
draft-yergeau-rfc2279bis-xx.txt, a work in progress.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 3629, November 2003.
10. Informative References
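Review bot: the moved [AuthMeth] entry still ends with the phrase twice ("a work in progress. a work in progress."); drop the repeat while the entry is being touched. Separately, this hunk replaces the published [RFC3383] entry with [LDAPIANA], a draft cited only as draft-ietf-ldapbis-bcp64-xx.txt, so the oiddescr rule and the extype text now depend normatively on an unpublished document; the change note in Appendix B should say that this is intended.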
@ -500,19 +491,19 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
Smith & Howes Intended Category: Standards Track [Page 9]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
Smith & Howes Intended Category: Standards Track [Page 9]
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
@ -540,15 +531,15 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
Kurt Zeilenga, Jim Sermersheim, and Hallvard Furuseth deserve special
thanks for their contributions.
13. Authors' Address
13. Authors' Addresses
Mark Smith, Editor
Netscape Communications Corp.
360 W. Caribbean Drive
Sunnyvale, CA 94089
Pearl Crescent, LLC
447 Marlpool Dr.
Saline, MI 48176
USA
+1 650 937-3477
MarkCSmithWork@aol.com
+1 734 944-2856
mcs@pearlcrescent.com
Tim Howes
Opsware, Inc.
@ -556,19 +547,22 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
Sunnyvale, CA 94085
USA
+1 408 744-7509
howes@opsware.com
Smith & Howes Intended Category: Standards Track [Page 10]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
howes@opsware.com
14. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
@ -615,18 +609,20 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
Smith & Howes Intended Category: Standards Track [Page 11]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
Changed the ABNF for ldapurl to group the dn component with the
preceding slash.
Changed the extype rule to be an LDAPOID from [Protocol] or an OID
description from [RFC3383].
description from [LDAPIANA].
Changed the text about extension types so it references [RFC3383].
Changed the text about extension types so it references [LDAPIANA].
Reordered rules to more closely follow the order the elements appear
in the URL.
@ -661,21 +657,23 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
break within '!' sequence. Reworded last paragraph to clarify which
characters must be URL escaped. Added text to indicate that LDAP
URLs are used for references and referrals. Added text that refers
to the ABNF from RFC 2234.
to the ABNF from RFC 2234. Clarified and strengthened the
requirements with respect to processing of URLs that contain
recognized and unrecognized extensions (the approach now matches that
specified in [Protocol] for LDAP controls).
"Defaults for Fields of the LDAP URL" section: added; formed by
moving text about defaults out of the "URL Definition" section.
"URL Processing" section: clarified that connections MAY be reused
only if the open connection is compatible with the URL. Added text
Smith & Howes Intended Category: Standards Track [Page 12]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
"URL Processing" section: clarified that connections MAY be reused
only if the open connection is compatible with the URL. Added text
to indicate that use of security services is encouraged and that they
SHOULD be used when updates are involved. Removed "dn" from
discussion of authentication methods. Added note that the client MAY
@ -693,7 +691,7 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
"Security Considerations" section: Added a note about connection
reuse. Added a note about using strong authentication methods for
updates. Added a reference to RFC 2829. Added note that simply
updates. Added a reference to [AuthMeth]. Added note that simply
opening a connection may violate some users' privacy requirements.
"Acknowledgements" section: added statement about this being an
@ -702,15 +700,16 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
"Normative References" section: renamed from "References" per new RFC
guidelines. Changed from [1] style to [Protocol] style throughout the
document. Added references to RFCs 2234, 2829, and 3383. Updated
RFC 1738 references to the appropriate sections within RFC 2396.
Updated the references to refer to LDAPBis WG documents. Removed the
reference to the LDAP Attribute Syntaxes document and added a
reference to the Roadmap document.
document. Added references to RFC 2234, RFC 2732, and RFC 3629.
Updated all RFC 1738 references to point to the appropriate sections
within RFC 2396. Updated the LDAP references to refer to LDAPBis WG
documents. Removed the reference to the LDAP Attribute Syntaxes
document and added references to the [AuthMeth], [LDAPIANA], and
[Roadmap] documents.
"Informative References" section: added for clarity.
Header and "Authors' Address" sections: added "editor" next to Mark
Header and "Authors' Addresses" sections: added "editor" next to Mark
Smith's name. Updated affiliation and contact information.
Copyright: updated the year.
@ -719,51 +718,48 @@ INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
16. Appendix B: Changes Since Previous Document Revision
This appendix lists all changes relative to the previously published
revision, draft-ietf-ldapbis-url-03.txt. Note that when appropriate
revision, draft-ietf-ldapbis-url-04.txt. Note that when appropriate
these changes are also included in Appendix A, but are also included
here for the benefit of the people who have already reviewed draft-
ietf-ldapbis-url-03.txt. This section will be removed before this
document is published as an RFC.
Smith & Howes Intended Category: Standards Track [Page 13]
INTERNET-DRAFT LDAP: Uniform Resource Locator 25 October 2003
INTERNET-DRAFT LDAP: Uniform Resource Locator 13 February 2004
here for the benefit of the people who have already reviewed draft-
ietf-ldapbis-url-04.txt. This section will be removed before this
document is published as an RFC.
16.1. Technical Changes
None.
Clarified and strengthened the requirements with respect to
processing of URLs that contain recognized and unrecognized
extensions (the approach now matches that specified in [Protocol] for
LDAP controls).
16.2. Editorial Changes
"URL Definition" section: added comments in the ABNF to point the
reader to the "Escaping Using the % Method" section, which was
changed into a section of its own to highlight the importance of
escaping the URL components correctly.
"URL Definition" section: corrected a section reference to
[Protocol].
"Examples" section: changed the name of an attribute used in one
example from "int" to "four-octet" to avoid potential confusion.
"Examples" section: improved formatting and fixed a typographic error
(removed extraneous "IP") in the "four-octet" example.
Replaced all occurrences of "asterix" with the correctly spelled
"asterisk."
"Normative References" section: changed the UTF-8 reference to point
to RFC 3629, changed the RFC 3383 reference to point to the LDAP IANA
Internet Draft, and indented the reference descriptions to enhance
readability.
"Normative References" section: changed UTF-8 reference to point to
the UTF-8 Internet Draft; replace [LDAPIANA] Internet Draft reference
with a reference to RFC 3383.
Authors' Addresses section: New contact information for Mark Smith.
"Intellectual Property Rights" section: added.
Author's Addresses section: New email address for Mark Smith.
"Full Copyright Statement" section: updated text to match latest IETF
guidelines.
Updated the copyright year to 2004.
This Internet Draft expires on 25 April 2004.
This Internet Draft expires on 13 August 2004.
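Review bot: the new 16.1 entry describes the extension-processing change only as "Clarified and strengthened the requirements", but the rewritten paragraph in the "URL Definition" section also drops the two sentences about extensions that "cannot be processed successfully" and changes the wording from "supported by the client" to "recognized by an implementation". List those removals explicitly so that reviewers of draft-ietf-ldapbis-url-04.txt can see what no longer applies. As a style point, the "Authors' Addresses section" entry in 16.2 lacks the quotation marks that the other entries put around section names.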
@ -785,3 +781,4 @@ This Internet Draft expires on 25 April 2004.
Smith & Howes Intended Category: Standards Track [Page 14]

File diff suppressed because it is too large