mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
676 lines
22 KiB
Plaintext
676 lines
22 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
INTERNET-DRAFT Kurt D. Zeilenga
|
||
Intended Category: Experimental OpenLDAP Foundation
|
||
Expires in six months 27 February 2006
|
||
|
||
|
||
|
||
The LDAP Manage Directory Information Tree Control
|
||
<draft-zeilenga-ldap-managedit-00.txt>
|
||
|
||
|
||
Status of this Memo
|
||
|
||
This document is intended to be, after appropriate review and
|
||
revision, submitted to the RFC Editor for publication as an
|
||
Experimental document. Distribution of this memo is unlimited.
|
||
Technical discussion of this document will take place on the IETF LDAP
|
||
Extensions mailing list <ldapext@ietf.org>. Please send editorial
|
||
comments directly to the author <Kurt@OpenLDAP.org>.
|
||
|
||
By submitting this Internet-Draft, each author represents that any
|
||
applicable patent or other IPR claims of which he or she is aware have
|
||
been or will be disclosed, and any of which he or she becomes aware
|
||
will be disclosed, in accordance with Section 6 of BCP 79.
|
||
|
||
Internet-Drafts are working documents of the Internet Engineering Task
|
||
Force (IETF), its areas, and its working groups. Note that other
|
||
groups may also distribute working documents as Internet-Drafts.
|
||
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference material
|
||
or to cite them other than as "work in progress."
|
||
|
||
The list of current Internet-Drafts can be accessed at
|
||
http://www.ietf.org/1id-abstracts.html
|
||
|
||
The list of Internet-Draft Shadow Directories can be accessed at
|
||
http://www.ietf.org/shadow.html
|
||
|
||
|
||
Copyright (C) The Internet Society (2006). All Rights Reserved.
|
||
|
||
Please see the Full Copyright section near the end of this document
|
||
for more information.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 1]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
Abstract
|
||
|
||
This document defines the Lightweight Directory Access Protocol (LDAP)
|
||
Manage Directory Information Tree (DIT) Control which allows a
|
||
directory user agent (a client) to request the directory service
|
||
temporarily relax enforcement of constraints of the X.500 models.
|
||
|
||
|
||
1. Background and Intended Use
|
||
|
||
Directory servers accessible via Lightweight Directory Access Protocol
|
||
(LDAP) [Roadmap] are expected to act in accordance with the X.500
|
||
series of ITU-T Recommendations. In particular, servers are expected
|
||
to ensure the X.500 data and service models are not violated.
|
||
|
||
An LDAP server is expected to prevent modification of the structural
|
||
object class of an object [Models]. That is, the X.500 models do not
|
||
allow a 'person' object to be transformed into an
|
||
'organizationalPerson' object through modification of the object.
|
||
Instead, the 'person' object must be deleted and then a new
|
||
'organizationalPerson' object created in its place. This approach,
|
||
aside from being inconvient, is problematic for a number reasons.
|
||
First, as LDAP does not have a standardized method for performing the
|
||
two operations in a single transaction, the intermediate directory
|
||
state (after the delete, before the add) is visible to other clients,
|
||
which may lead to undesirable client behavior. Second, attributes
|
||
such as entryUUID [entryUUID] will reflect the object was replaced,
|
||
not transformed.
|
||
|
||
An LDAP server is expected to prevent clients from modifying values of
|
||
NO-USER-MODIFICATION attributes [Models]. For instance, an entry is
|
||
not allowed to assign or modify the value of the entryUUID attribute.
|
||
However, where an administrator is restoring a previously existing
|
||
object, for instance when repartitioning data between directory
|
||
servers or when migrating from one vendor server product to another,
|
||
it may be desirable to allow the client to assign or modify the value
|
||
of the entryUUID attribute.
|
||
|
||
This document specifies the Manage Directory Information Tree (DIT)
|
||
control. The Manage DIT control may be attached to LDAP requests to
|
||
update the DIT to request DIT restrictions be temporarily relaxed
|
||
during the performance of the requested DIT update. The server is
|
||
however to ensure the resulting directory state is valid.
|
||
|
||
Use of this control is expected that use of this extension will be
|
||
restricted by administrative and/or access controls. It is intended
|
||
to be used by directory administrators.
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 2]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
This extension is considered experimental as it is not yet clear
|
||
whether it adequately addresses directory administrators' needs for
|
||
flexible mechanisms for managing directory objects. It is hoped that
|
||
after suitable amount of time, either this extension or a suitable
|
||
replacement will be standardization.
|
||
|
||
|
||
1.1. Terminology
|
||
|
||
Protocol elements are described using ASN.1 [X.680] with implicit
|
||
tags. The term "BER-encoded" means the element is to be encoded using
|
||
the Basic Encoding Rules [X.690] under the restrictions detailed in
|
||
Section 5.2 of [Protocol].
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in BCP 14 [RFC2119].
|
||
|
||
DSA stands for Directory System Agent, a server. DSE stands for DSA-
|
||
specific Entry.
|
||
|
||
|
||
2. The Manage DIT Control
|
||
|
||
The Manage DIT control is an LDAP Control [Protocol] whose controlType
|
||
is IANA-ASSIGNED-OID, controlValue is empty, and the criticality of
|
||
TRUE.
|
||
|
||
There is no corresponding response control.
|
||
|
||
The control is appropriate for all LDAP update requests, including
|
||
add, delete, modify, and modifyDN (rename) [Protocol].
|
||
|
||
The presence of the Manage DIT control in an LDAP update request
|
||
indicates the server temporarily relax X.500 model contraints during
|
||
performance of the directory update.
|
||
|
||
The server may restrict use of this control and/or limit the extent of
|
||
the relaxation provided based upon local policy or factors.
|
||
|
||
The server is obligated to ensure the resulting directory state is
|
||
consistent with the X.500 models. For instance, the server ensure
|
||
that values of attributes conform to the value syntax.
|
||
|
||
It is noted that while this extension may be used to add or modify
|
||
objects in a manner which violate the controlling subschema, the
|
||
presence of objects in the DIT is not inconsistent with the X.500
|
||
models. For instance, an object created prior to establshment of a
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 3]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
DIT content rule may contain an attribute now precluded by the current
|
||
controlling DIT Content Rule.
|
||
|
||
Servers implementing this technical specification SHOULD publish the
|
||
object identifier IANA-ASSIGNED-OID as a value of the
|
||
'supportedControl' attribute [Models] in their root DSE. A server MAY
|
||
choose to advertise this extension only when the client is authorized
|
||
to use it.
|
||
|
||
|
||
3. Use Cases
|
||
|
||
3.1. Object metamorphism
|
||
|
||
In absence of this control, an attempt to modify an object's
|
||
'objectClass' in a manner which cause a change in the structural
|
||
object class of the object would normally lead to an
|
||
objectClassModsProhibited error [Protocol]. The presence of the
|
||
Manage DIT control in the modify request requests the change be
|
||
allowed. If the server is willing and able to allow the change in the
|
||
structural object class of the object.
|
||
|
||
For instance, to change an 'organization' object into an
|
||
'organizationalUnit' object, a client could issue the following LDAP
|
||
request:
|
||
|
||
dn: o=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: modify
|
||
delete: objectClass
|
||
objectClass: organization
|
||
-
|
||
add: objectClass
|
||
objectClass: organizationalUnit
|
||
-
|
||
|
||
In this case, the server is expected to either effect the requested
|
||
change in the structural object class, including updating of the value
|
||
of the structural object class, or fail the operation.
|
||
|
||
|
||
3.2. Inactive Attribute Types
|
||
|
||
In absence of the Manage DIT control, an attempt to add or modify
|
||
values to an attribute whose type has been marked inactive in the
|
||
controlling subschema (its attribute type description contains the
|
||
OBSOLETE field) [Models] normally results in a failure.
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 4]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
In the presence of the Manage DIT control, the server performs the
|
||
update operation as if the attribute's type is marked active in the
|
||
controlling subschema (its attribute type description does not contain
|
||
the OBSOLETE field).
|
||
|
||
|
||
3.3. DIT Content Rules
|
||
|
||
In absence of the Manage DIT control, an attempt to include the name
|
||
(or OID) of an auxiliary class to an object's 'objectClass' which is
|
||
not allowed by the controlling DIT Content Rule would be disallowed
|
||
[Models]. Additionally, an attempt to add values of an attribute not
|
||
allowed (or explicitly precluded) by the DIT Content Rule would fail.
|
||
|
||
In presence of the Manage DIT control, the server performs the update
|
||
operation as if the controlling DIT Content Rule allowed any and all
|
||
known auxiliary classses to be present and allowed any and all known
|
||
attributes to be present (and precluded no attributes).
|
||
|
||
|
||
3.4. DIT Structure Rules and Name Forms
|
||
|
||
In absence of the Manage DIT control, the service enforces DIT
|
||
structure rules and name form requirements of the controlling
|
||
subschema [Models].
|
||
|
||
In the presence of the Manage DIT control, the server performs the
|
||
update operation ignoring all DIT structure rules and name forms in
|
||
the controlling subschema.
|
||
|
||
|
||
3.5. Modification of Nonconformant Objects
|
||
|
||
It is also noted that in absense of this control, modification of an
|
||
object which presently violates the controlling subschema will fail
|
||
unless the modification would result in the object conforming to the
|
||
controlling subschema. That is, modifications of an non-conformant
|
||
object should result in a conformant object.
|
||
|
||
In the presence of this control, modifications of a non-conformant
|
||
object need not result in a conformant object.
|
||
|
||
|
||
3.6. NO-USER-MODIFICATION attribute modification
|
||
|
||
In absence of this control, an attempt to modify values of a
|
||
NO-USER-MODIFICATION attribute would normally lead to a
|
||
constraintViolation or other appropriate error [Protocol]. In the
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 5]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
presence of the Manage DIT control in the update request requests the
|
||
modification be allowed.
|
||
|
||
Relaxation of the NO-USER-MODIFICATION constraint is not appropriate
|
||
for some operational attribute types. For instance, as the value of
|
||
the 'structuralObjectClass' is derived by the values of the
|
||
'objectClass' attribute, the 'structuralObjectClass' attribute type's
|
||
NO-USER-MODIFICATION contraint MUST NOT be relaxed. To effect a
|
||
change in the structuralObjectClass class, values of objectClass
|
||
should be changed as discussed in Section 3.1. Other attributes for
|
||
which the NO-USER-MODIFICATION constraint should not be relaxed
|
||
include 'entryDN' [EntryDN], 'subschemaSubentry' [Models], and
|
||
'collectiveAttributeSubentries' [RFC3671].
|
||
|
||
The subsections of this section discuss modification of various
|
||
operational attributes where their NO-USER-MODIFICATION constraint may
|
||
be relaxed. Future documents may specify where NO-USER-MODIFICATION
|
||
constraints on other operational attribute may be relaxed. In absence
|
||
of a document detailing that the NO-USER-MODIFICATION constraint on a
|
||
particular operational attribute may be relaxed, implementors SHOULD
|
||
assume relaxation of the constraint is not appropriate for that
|
||
attribute.
|
||
|
||
|
||
3.1.1. entryUUID
|
||
|
||
To provide a value for the 'entryUUID' attribute on entry creation,
|
||
the client should issue an LDAP Add request with a Manage DIT control
|
||
providing the desired value. For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: add
|
||
objectClass: organizationalUnit
|
||
ou: Unit
|
||
entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
|
||
|
||
In this case, the server is either to add the entry using the
|
||
provided 'entryUUID' value or fail the request.
|
||
|
||
To provide a replacement value for the 'entryUUID' after entry
|
||
creation, the client should issue an LDAP Modify request with a
|
||
Manage DIT control including an approrpiate change. For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: modify
|
||
replace: entryUUID
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 6]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
entryUUID: 597ae2f6-16a6-1027-98f4-d28b5365dc14
|
||
-
|
||
|
||
In this case, the server is either to replace the 'entryUUID' value
|
||
as requested or fail the request.
|
||
|
||
|
||
3.2.2. createTimestamp
|
||
|
||
To provide a value for the 'createTimestamp' attribute on entry
|
||
creation, the client should issue an LDAP Add request with a Manage
|
||
DIT control providing the desired 'createTimestamp' value. For
|
||
instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: add
|
||
objectClass: organizationalUnit
|
||
ou: Unit
|
||
createTimestamp: 20060101000000Z
|
||
|
||
In this case, the server is either to add the entry using the
|
||
provided 'createTimestamp' value or fail the request.
|
||
|
||
To provide a replacement value for the 'createTimestamp' after
|
||
entry creation, the client should issue an LDAP Modify request with
|
||
a Manage DIT control including an approrpiate change. For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: modify
|
||
replace: createTimestamp
|
||
createTimestamp: 20060101000000Z
|
||
-
|
||
|
||
In this case, the server is either to replace the 'createTimestamp'
|
||
value as requested or fail the request.
|
||
|
||
The server should ensure the requested 'createTimestamp' value is
|
||
appropriate. In particular, it should fail the request if the
|
||
requested 'createTimestamp' value is in the future or is greater
|
||
than the value of the 'modifyTimestamp' attribute.
|
||
|
||
|
||
3.2.3. modifyTimestamp
|
||
|
||
To provide a value for the 'modifyTimestamp' attribute on entry
|
||
creation, the client should issue an LDAP Add request with a Manage
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 7]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
DIT control providing the desired 'modifyTimestamp' value. For
|
||
instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: add
|
||
objectClass: organizationalUnit
|
||
ou: Unit
|
||
modifyTimestamp: 20060101000000Z
|
||
|
||
In this case, the server is either to add the entry using
|
||
the provided 'modifyTimestamp' value or fail the request.
|
||
|
||
To provide a replacement value for the 'modifyTimestamp' after
|
||
entry creation, the client should issue an LDAP Modify
|
||
request with a Manage DIT control including an approrpiate
|
||
change. For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: modify
|
||
replace: modifyTimestamp
|
||
modifyTimestamp: 20060101000000Z
|
||
-
|
||
|
||
In this case, the server is either to replace the 'modifyTimestamp'
|
||
value as requested or fail the request.
|
||
|
||
The server should ensure the requested 'modifyTimestamp' value is
|
||
appropriate. In particular, it should fail the request if the
|
||
requested 'modifyTimestamp' value is in the future or is less than
|
||
the value of the 'createTimestamp' attribute.
|
||
|
||
|
||
3.2.3. creatorsName and modifiersName
|
||
|
||
To provide a value for the 'creatorsName' and/or 'modifiersName'
|
||
attribute on entry creation, the client should issue an LDAP Add
|
||
request with a Manage DIT control providing the desired values.
|
||
For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: add
|
||
objectClass: organizationalUnit
|
||
ou: Unit
|
||
creatorsName: cn=Jane Doe,dc=example,net
|
||
modifiersName: cn=Jane Doe,dc=example,net
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 8]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
In this case, the server is either to add the entry using
|
||
the provided values or fail the request.
|
||
|
||
To provide a replacement values after entry creation for either of
|
||
the 'creatorsName' or 'modifiersName' attributes or both, the
|
||
client should issue an LDAP Modify request with a Manage DIT control
|
||
including the approrpiate changes. For instance:
|
||
|
||
dn: ou=Unit,dc=example,dc=net
|
||
control: IANA-ASSIGNED-OID
|
||
changetype: modify
|
||
replace: creatorsName
|
||
creatorsName: cn=Jane Doe,dc=example,net
|
||
-
|
||
replace: modifiersName
|
||
modifiersName: cn=Jane Doe,dc=example,net
|
||
-
|
||
|
||
In this case, the server is either to replace the provided
|
||
values as requested or fail the request.
|
||
|
||
|
||
4. Security Considerations
|
||
|
||
Use of this extension should be subject to appropriate administrative
|
||
and access controls. Use of this mechanism is intended to be
|
||
restricted to directory administrators.
|
||
|
||
Security considerations for the base operations [Protocol] extended
|
||
by this control, as well as general LDAP security considerations
|
||
[Roadmap], generally apply to implementation and use of this
|
||
extension.
|
||
|
||
|
||
5. IANA Considerations
|
||
|
||
5.1. Object Identifier
|
||
|
||
It is requested that IANA assign a LDAP Object Identifier [BCP64bis]
|
||
to identify the LDAP Assertion Control defined in this document.
|
||
|
||
Subject: Request for LDAP Object Identifier Registration
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <kurt@OpenLDAP.org>
|
||
Specification: RFC XXXX
|
||
Author/Change Controller: Kurt Zeilenga <kurt@openldap.org>
|
||
Comments: Identifies the LDAP Manage DIT Control
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 9]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
5.2 LDAP Protocol Mechanism
|
||
|
||
Registration of this protocol mechanism [BCP64bis] is requested.
|
||
|
||
Subject: Request for LDAP Protocol Mechanism Registration
|
||
Object Identifier: IANA-ASSIGNED-OID
|
||
Description: Manage DIT Control
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <kurt@openldap.org>
|
||
Usage: Control
|
||
Specification: RFC XXXX
|
||
Author/Change Controller: Kurt Zeilenga <kurt@openldap.org>
|
||
Comments: none
|
||
|
||
|
||
6. Author's Address
|
||
|
||
Kurt D. Zeilenga
|
||
OpenLDAP Foundation
|
||
|
||
Email: Kurt@OpenLDAP.org
|
||
|
||
|
||
7. References
|
||
|
||
[[Note to the RFC Editor: please replace the citation tags used in
|
||
referencing Internet-Drafts with tags of the form RFCnnnn where
|
||
possible.]]
|
||
|
||
|
||
7.1. Normative References
|
||
|
||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
||
|
||
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification
|
||
Road Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in
|
||
progress.
|
||
|
||
[Models] Zeilenga, K. (editor), "LDAP: Directory Information
|
||
Models", draft-ietf-ldapbis-models-xx.txt, a work in
|
||
progress.
|
||
|
||
|
||
|
||
7.2. Informative References
|
||
|
||
[BCP64bis] Zeilenga, K., "IANA Considerations for LDAP",
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 10]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
draft-ietf-ldapbis-bcp64-xx.txt, a work in progress.
|
||
|
||
[EntryUUID] Zeilenga, K., "The LDAP EntryUUID Operational
|
||
Attribute", draft-zeilenga-ldap-uuid-xx.txt, a work in
|
||
progress.
|
||
|
||
[RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) -
|
||
Technical Specification", RFC 2849, June 2000.
|
||
|
||
|
||
|
||
Intellectual Property Rights
|
||
|
||
The IETF takes no position regarding the validity or scope of any
|
||
Intellectual Property Rights or other rights that might be claimed to
|
||
pertain to the implementation or use of the technology described in
|
||
this document or the extent to which any license under such rights
|
||
might or might not be available; nor does it represent that it has
|
||
made any independent effort to identify any such rights. Information
|
||
on the procedures with respect to rights in RFC documents can be found
|
||
in BCP 78 and BCP 79.
|
||
|
||
Copies of IPR disclosures made to the IETF Secretariat and any
|
||
assurances of licenses to be made available, or the result of an
|
||
attempt made to obtain a general license or permission for the use of
|
||
such proprietary rights by implementers or users of this specification
|
||
can be obtained from the IETF on-line IPR repository at
|
||
http://www.ietf.org/ipr.
|
||
|
||
The IETF invites any interested party to bring to its attention any
|
||
copyrights, patents or patent applications, or other proprietary
|
||
rights that may cover technology that may be required to implement
|
||
this standard. Please address the information to the IETF at
|
||
ietf-ipr@ietf.org.
|
||
|
||
|
||
|
||
Full Copyright
|
||
|
||
Copyright (C) The Internet Society (2006).
|
||
|
||
This document is subject to the rights, licenses and restrictions
|
||
contained in BCP 78, and except as set forth therein, the authors
|
||
retain all their rights.
|
||
|
||
This document and the information contained herein are provided on an
|
||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
|
||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 11]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-managedit-00 27 February 2006
|
||
|
||
|
||
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
|
||
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
|
||
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Manage DIT Control [Page 12]
|
||
|