mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-12 10:54:48 +08:00
396 lines
13 KiB
Plaintext
396 lines
13 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
INTERNET-DRAFT Kurt D. Zeilenga
|
||
Intended Category: Experimental OpenLDAP Foundation
|
||
Expires in six months 3 May 2003
|
||
|
||
|
||
LDAP Transactions
|
||
<draft-zeilenga-ldap-txn-06.txt>
|
||
|
||
|
||
Status of Memo
|
||
|
||
This document is an Internet-Draft and is in full conformance with all
|
||
provisions of Section 10 of RFC2026.
|
||
|
||
This document is intended to be, after appropriate review and
|
||
revision, submitted to the RFC Editor as an Experimental document.
|
||
Distribution of this memo is unlimited. Technical discussion of this
|
||
document will take place on the IETF LDAP Extension Working Group
|
||
mailing list <ldapext@ietf.org>. Please send editorial comments
|
||
directly to the author <Kurt@OpenLDAP.org>.
|
||
|
||
Internet-Drafts are working documents of the Internet Engineering Task
|
||
Force (IETF), its areas, and its working groups. Note that other
|
||
groups may also distribute working documents as Internet-Drafts.
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference
|
||
material or to cite them other than as ``work in progress.''
|
||
|
||
The list of current Internet-Drafts can be accessed at
|
||
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
|
||
Internet-Draft Shadow Directories can be accessed at
|
||
<http://www.ietf.org/shadow.html>.
|
||
|
||
Copyright 2003, The Internet Society. All Rights Reserved.
|
||
|
||
Please see the Copyright section near the end of this document for
|
||
more information.
|
||
|
||
|
||
Abstract
|
||
|
||
Lightweight Directory Access Protocol (LDAP) update operations acting
|
||
upon entries have atomic, consistency, isolation, durability (ACID)
|
||
properties. However, it is often desirable to update two or more
|
||
entries as one unit of interaction, a transaction. Transactions are
|
||
necessary to support a number of applications including resource
|
||
provisioning and information replication. This document defines an
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 1]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
LDAP extension to support transactions.
|
||
|
||
|
||
Conventions
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in BCP 14 [RFC2119].
|
||
|
||
Protocol elements are described using ASN.1 [X.680]. The term
|
||
"BER-encoded" means the element is to be encoded using the Basic
|
||
Encoding Rules [X.690] under the restrictions detailed in Section 5.1
|
||
of [RFC2251].
|
||
|
||
|
||
1. Overview
|
||
|
||
This document extends the Lightweight Directory Access Protocol (LDAP)
|
||
[RFC3377] to allow clients to group a number of related update
|
||
operations [RFC2251] and have them preformed as one unit of
|
||
interaction, a transaction. As with distinct update operations, each
|
||
transaction has atomic, consistency, isolation, and durability
|
||
([ACID]) properties.
|
||
|
||
This extension uses the grouping mechanism provided by [GROUP] to
|
||
relate operations of the transaction. The createGrouping operation is
|
||
used to obtain a group cookie which is used to identify operations
|
||
which are apart of the transaction. The group cookie can be viewed as
|
||
a transaction identifier. The endGrouping operation is used to settle
|
||
(commit or abort) the transaction.
|
||
|
||
|
||
2. Specification of a Transaction
|
||
|
||
Servers implementing this specification SHOULD publish the
|
||
transactionGroupingType as a value of the 'supportedGroupingTypes'
|
||
attribute contained within the Root DSE.
|
||
|
||
transactionGroupingType ::= IANA-ASSIGNED-OID
|
||
|
||
A client wishing to preform a transaction issues a
|
||
createGroupingRequest with a createGroupType of
|
||
transactionGroupingType and no createGroupValue. A server which is
|
||
willing and able to support transactions returns a
|
||
createGroupingResponse with a success result code, a
|
||
createGroupCookie, and no createGroupValue. Otherwise the server
|
||
returns a non-success result code, no createGroupCookie, and no
|
||
createGroupValue.
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 2]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
The client then issues may issue one or more update (add, delete,
|
||
modify, rename) requests, each with a GroupingControl indicating they
|
||
are to processed as part of the transaction grouping. If the server
|
||
is willing and able to attempt to process operation as part of the
|
||
transaction, the server returns success. As further processing of the
|
||
operation is be deferred until settlement, the operation is considered
|
||
still outstanding and its messageID cannot to be reused until after
|
||
settlement. If the server is unwilling or unable to attempt to
|
||
process the operation as part of the transaction, the server returns a
|
||
non-successful result code.
|
||
|
||
If the server becomes unwilling or unable to continue the
|
||
specification of a transaction, the server return the canceled
|
||
resultCode for each deferred operation and then issue a endGroupNotice
|
||
with a non-success resultCode. Any future use of cookie by the client
|
||
will result in a response containing a non-success result code. Upon
|
||
receipt of a endGroupingNotice, the client is to discontinue all use
|
||
of the grouping cookie as the transaction is null and void.
|
||
|
||
A client requests settling of transaction by issuing an
|
||
endGroupingRequest where the groupingCookie is the group cookie
|
||
identify the transaction. The absence of any endGroupingValue
|
||
indicates a commit request. The presence of an empty endGroupValue
|
||
indicates an abort request. The endGroupValue MUST be empty if
|
||
provided.
|
||
|
||
If the commit response indicates failure, the server may return an
|
||
endGroupingValue with the endGroupingResponse. If so, it contains the
|
||
BER-encoding of a MessageID [RFC2251] of the update operation
|
||
associated with the failure.
|
||
|
||
|
||
3. Settling of the Transaction
|
||
|
||
Upon receipt of a request to abort the transaction, the server is to
|
||
abort the transaction and then return an endGroupingResponse
|
||
indicating success.
|
||
|
||
Upon receipt of a request to commit the transaction, the server
|
||
processes the group of update operations as one atomic, isolated
|
||
action with each update request being processed in turn. Either all
|
||
of the requested updates SHALL be successfully applied or none of the
|
||
requested SHALL be applied. If all are applied, the server returns an
|
||
endGroupingResponse indicating success. Otherwise, the server returns
|
||
an endGroupingResponse indicating the nature of the failure. If the
|
||
failure is associated with a particular update operation, the message
|
||
ID is returned an attached endGroupingValue. If the failure was not
|
||
associated with any particular update operation, no endGroupingValue
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 3]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
is to be provided.
|
||
|
||
There is no requirement that a server serialize transactions. That
|
||
is, a server MAY process multiple transactions commit requests (from
|
||
one or more clients) acting upon different sets of entries
|
||
concurrently. A server MUST avoid deadlock.
|
||
|
||
|
||
4. Distributed Directory Considerations
|
||
|
||
The LDAP/X.500 models provide for distributed directory operations
|
||
including server-side chaining and client-side chasing of operations.
|
||
|
||
This document does not disallow servers from chaining operations which
|
||
are part of a transaction. However, if a server does allow such
|
||
chaining, it MUST ensure that transaction semantics detailed above are
|
||
provided.
|
||
|
||
This mechanism defined by this document does not support client-side
|
||
chasing. Grouping cookies used to identify the transaction are
|
||
specific to a particular client/server session.
|
||
|
||
The LDAP/X.500 models provide for a single-master/multiple-slave
|
||
replication architecture. This document states no requirement that
|
||
changes made to the directory based upon processing a transaction be
|
||
replicated as one atomic action. That is, the client SHOULD NOT
|
||
assume tight data consistency nor fast data convergence at slave
|
||
servers unless they have prior knowledge that such is provided.
|
||
Though this mechanism could be used to support replication, such use
|
||
is not described in this document.
|
||
|
||
The LDAP/X.500 models do not currently support a multi-master
|
||
replication architecture and, hence, not considered by this
|
||
specification.
|
||
|
||
|
||
5. Security Considerations
|
||
|
||
Transactions mechanisms and related grouping operations may be the
|
||
target of denial of service attacks. Implementors should provide
|
||
safeguards to ensure these mechanisms are not abused.
|
||
|
||
|
||
6. IANA Considerations
|
||
|
||
In accordance with [RFC3383], it is requested that Internet Assigned
|
||
Numbers Authority (IANA) make the following assignments.
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 4]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
6.1. Object Identifier
|
||
|
||
An LDAP Object Identifier to identify the grouping type defined in
|
||
this document is requested.
|
||
|
||
The following registration template is suggested:
|
||
|
||
Subject: Request for LDAP Object Identifier Registration
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <kurt@OpenLDAP.org>
|
||
Specification: RFCXXXX
|
||
Author/Change Controller: IESG
|
||
Comments:
|
||
Identifies the LDAP Transactions Grouping Type
|
||
|
||
|
||
6.2. LDAP Protocol Mechanism
|
||
|
||
Registration of the protocol mechanisms defined in this document is
|
||
requested.
|
||
|
||
Subject: Request for LDAP Protocol Mechansism Registration
|
||
|
||
Object Identifier: IANA-ASSIGNED-OID
|
||
Description: LDAP Transaction Grouping Type
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <kurt@openldap.org>
|
||
Usage: Grouping
|
||
Specification: RFCxxxx
|
||
Author/Change Controller: IESG
|
||
Comments: none
|
||
|
||
|
||
7. Acknowledgments
|
||
|
||
The author gratefully acknowledges the contributions made by members
|
||
of the Internet Engineering Task Force.
|
||
|
||
|
||
8. Author's Address
|
||
|
||
Kurt D. Zeilenga
|
||
OpenLDAP Foundation
|
||
<Kurt@OpenLDAP.org>
|
||
|
||
|
||
9. Normative References
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 5]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
[RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14 (also RFC 2119), March 1997.
|
||
|
||
[RFC2251] M. Wahl, S. Kille, T. Howes, "Lightweight Directory Access
|
||
Protocol (v3)", RFC 2251, December 1997.
|
||
|
||
[RFC3377] J. Hodges, R. Morgan, "Lightweight Directory Access
|
||
Protocol (v3): Technical Specification", RFC 3377, September 2002.
|
||
|
||
[GROUP] K. Zeilenga, "LDAP: Grouping of Related Operations",
|
||
draft-zeilenga-ldap-grouping-xx.txt, a work in progress.
|
||
|
||
[X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) - Specification
|
||
of Basic Notation", X.680, 1994.
|
||
|
||
[X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic,
|
||
Canonical, and Distinguished Encoding Rules", X.690, 1994.
|
||
|
||
|
||
10. Informative References
|
||
|
||
[ACID] Section 4 of ISO/IEC 10026-1:1992.
|
||
|
||
[RFC3383] K. Zeilenga, "IANA Considerations for LDAP", BCP 64 (also
|
||
RFC 3383), September 2002.
|
||
|
||
[X.500] ITU-T, "The Directory: Overview of Concepts, Models, and
|
||
Services", X.500, 1993.
|
||
|
||
[X.501] ITU-T, "The Directory: Models", X.501, 1993.
|
||
|
||
|
||
Copyright 2003, The Internet Society. All Rights Reserved.
|
||
|
||
This document and translations of it may be copied and furnished
|
||
to others, and derivative works that comment on or otherwise explain
|
||
it or assist in its implementation may be prepared, copied, published
|
||
and distributed, in whole or in part, without restriction of any
|
||
kind, provided that the above copyright notice and this paragraph
|
||
are included on all such copies and derivative works. However,
|
||
this document itself may not be modified in any way, such as by
|
||
removing the copyright notice or references to the Internet Society
|
||
or other Internet organizations, except as needed for the purpose
|
||
of developing Internet standards in which case the procedures for
|
||
copyrights defined in the Internet Standards process must be followed,
|
||
or as required to translate it into languages other than English.
|
||
|
||
The limited permissions granted above are perpetual and will not
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 6]
|
||
|
||
INTERNET-DRAFT draft-zeilenga-ldap-txn-06 3 May 2003
|
||
|
||
|
||
be revoked by the Internet Society or its successors or assigns.
|
||
|
||
This document and the information contained herein is provided on
|
||
an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
|
||
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
|
||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
|
||
OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga LDAP Transactions [Page 7]
|
||
|