mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
676 lines
24 KiB
Plaintext
676 lines
24 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group D. Chadwick
|
||
Request for Comments: 3876 University of Salford
|
||
Category: Standards Track S. Mullan
|
||
Sun Microsystems
|
||
September 2004
|
||
|
||
|
||
Returning Matched Values with the
|
||
Lightweight Directory Access Protocol version 3 (LDAPv3)
|
||
|
||
Status of this Memo
|
||
|
||
This document specifies an Internet standards track protocol for the
|
||
Internet community, and requests discussion and suggestions for
|
||
improvements. Please refer to the current edition of the "Internet
|
||
Official Protocol Standards" (STD 1) for the standardization state
|
||
and status of this protocol. Distribution of this memo is unlimited.
|
||
|
||
Copyright Notice
|
||
|
||
Copyright (C) The Internet Society (2004).
|
||
|
||
Abstract
|
||
|
||
This document describes a control for the Lightweight Directory
|
||
Access Protocol version 3 that is used to return a subset of
|
||
attribute values from an entry. Specifically, only those values that
|
||
match a "values return" filter. Without support for this control, a
|
||
client must retrieve all of an attribute's values and search for
|
||
specific values locally.
|
||
|
||
1. Introduction
|
||
|
||
When reading an attribute from an entry using the Lightweight
|
||
Directory Access Protocol version 3 (LDAPv3) [2], it is normally only
|
||
possible to read either the attribute type, or the attribute type and
|
||
all its values. It is not possible to selectively read just a few of
|
||
the attribute values. If an attribute holds many values, for
|
||
example, the userCertificate attribute, or the subschema publishing
|
||
operational attributes objectClasses and attributeTypes [3], then it
|
||
may be desirable for the user to be able to selectively retrieve a
|
||
subset of the values, specifically, those attribute values that match
|
||
some user defined selection criteria. Without the control specified
|
||
in this document, a client must read all of the attribute's values
|
||
and filter out the unwanted values, necessitating the client to
|
||
implement the matching rules. It also requires the client to
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 1]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
potentially read and process many irrelevant values, which can be
|
||
inefficient if the values are large or complex, or there are many
|
||
values stored per attribute.
|
||
|
||
This document specifies an LDAPv3 control to enable a user to return
|
||
only those values that matched (i.e., returned TRUE to) one or more
|
||
elements of a newly defined "values return" filter. This control can
|
||
be especially useful when used in conjunction with extensible
|
||
matching rules that match on one or more components of complex binary
|
||
attribute values.
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in BCP 14, RFC 2119 [4].
|
||
|
||
2. The valuesReturnFilter Control
|
||
|
||
The valuesReturnFilter control is either critical or non-critical as
|
||
determined by the user. It only has meaning for the Search
|
||
operation, and SHOULD only be added to the Search operation by the
|
||
client. If the server supports the control and it is present on a
|
||
Search operation, the server MUST obey the control, regardless of the
|
||
value of the criticality flag.
|
||
|
||
If the control is marked as critical, and either the server does not
|
||
support the control or the control is applied to an operation other
|
||
than Search, the server MUST return an unavailableCriticalExtension
|
||
error. If the control is not marked as critical, and either the
|
||
server does not support the control or the control is applied to an
|
||
operation other than Search, then the server MUST ignore the control.
|
||
|
||
The object identifier for this control is 1.2.826.0.1.3344810.2.3.
|
||
|
||
The controlValue is an OCTET STRING, whose value is the BER encoding
|
||
[6], as per Section 5.1 of RFC 2251 [2], of a value of the ASN.1 [5]
|
||
type ValuesReturnFilter.
|
||
|
||
ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem
|
||
|
||
SimpleFilterItem ::= CHOICE {
|
||
equalityMatch [3] AttributeValueAssertion,
|
||
substrings [4] SubstringFilter,
|
||
greaterOrEqual [5] AttributeValueAssertion,
|
||
lessOrEqual [6] AttributeValueAssertion,
|
||
present [7] AttributeDescription,
|
||
approxMatch [8] AttributeValueAssertion,
|
||
extensibleMatch [9] SimpleMatchingAssertion }
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 2]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
SimpleMatchingAssertion ::= SEQUENCE {
|
||
matchingRule [1] MatchingRuleId OPTIONAL,
|
||
type [2] AttributeDescription OPTIONAL,
|
||
--- at least one of the above must be present
|
||
matchValue [3] AssertionValue}
|
||
|
||
All the above data types have their standard meanings as defined in
|
||
[2].
|
||
|
||
If the server supports this control, the server MUST make use of the
|
||
control as follows:
|
||
|
||
1) The Search Filter is first executed in order to determine which
|
||
entries satisfy the Search criteria (these are the filtered
|
||
entries). The control has no impact on this step.
|
||
|
||
2) If the typesOnly parameter of the Search Request is TRUE, the
|
||
control has no effect and the Search Request is processed as if
|
||
the control had not been specified.
|
||
|
||
3) If the attributes parameter of the Search Request consists of a
|
||
list containing only the attribute with OID "1.1" (specifying that
|
||
no attributes are to be returned), the control has no effect and
|
||
the Search Request is processed as if the control had not been
|
||
specified.
|
||
|
||
4) For each attribute listed in the attributes parameter of the
|
||
Search Request, the server MUST apply the control as follows to
|
||
each entry in the set of filtered entries:
|
||
|
||
i) Every attribute value that evaluates TRUE against one or more
|
||
elements of the ValuesReturnFilter is placed in the
|
||
corresponding SearchResultEntry.
|
||
|
||
ii) Every attribute value that evaluates FALSE or undefined
|
||
against all elements of the ValuesReturnFilter is not placed
|
||
in the corresponding SearchResultEntry. An attribute that has
|
||
no values selected is returned with an empty set of values.
|
||
|
||
Note. If the AttributeDescriptionList (see [2]) is empty or
|
||
comprises "*", then the control MUST be applied against every user
|
||
attribute. If the AttributeDescriptionList contains a "+", then the
|
||
control MUST be applied against every operational attribute.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 3]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
3. Relationship to X.500
|
||
|
||
The control is a superset of the matchedValuesOnly (MVO) boolean of
|
||
the X.500 Directory Access Protocol (DAP) [8] Search argument, as
|
||
amended in the latest version [9]. Close examination of the
|
||
matchedValuesOnly boolean by the LDAP Extensions (LDAPEXT) Working
|
||
Group revealed ambiguities and complexities in the MVO boolean that
|
||
could not easily be resolved. For example, it was not clear if the
|
||
MVO boolean governed only those attribute values that contributed to
|
||
the overall truth of the filter, or all of the attribute values, even
|
||
if the filter item containing the attribute was evaluated as false.
|
||
For this reason the LDAPEXT group decided to replace the MVO boolean
|
||
with a simple filter that removes any uncertainty as to whether an
|
||
attribute value has been selected or not.
|
||
|
||
4. Relationship to other LDAP Controls
|
||
|
||
The purpose of this control is to select zero, one, or more attribute
|
||
values from each requested attribute in a filtered entry, and to
|
||
discard the remainder. Once the attribute values have been discarded
|
||
by this control, they MUST NOT be re-instated into the Search results
|
||
by other controls.
|
||
|
||
This control acts independently of other LDAP controls such as server
|
||
side sorting [13] and duplicate entries [10]. However, there might
|
||
be interactions between this control and other controls so that a
|
||
different set of Search Result Entries are returned, or the entries
|
||
are returned in a different order, depending upon the sequencing of
|
||
this control and other controls in the LDAP request. For example,
|
||
with server side sorting, if sorting is done first, and value return
|
||
filtering second, the set of Search Results may appear to be in the
|
||
wrong order since the value filtering may remove the attribute values
|
||
upon which the ordering was done. (The sorting document specifies
|
||
that entries without any sort key attribute values should be treated
|
||
as coming after all other attribute values.) Similarly with
|
||
duplicate entries, if duplication is performed before value
|
||
filtering, the set of Search Result Entries may contain identical
|
||
duplicate entries, each with an empty set of attribute values,
|
||
because the value filtering removed the attribute values that were
|
||
used to duplicate the results.
|
||
|
||
For these reasons, the ValuesReturnFilter control in a SearchRequest
|
||
SHOULD precede other controls that affect the number and ordering of
|
||
SearchResultEntrys.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 4]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
5. Examples
|
||
|
||
All entries are provided in an LDAP Data Interchange Format
|
||
(LDIF)[11].
|
||
|
||
The string representation of the valuesReturnFilter in the examples
|
||
below uses the following ABNF [15] notation:
|
||
|
||
valuesReturnFilter = "(" 1*simpleFilterItem ")"
|
||
simpleFilterItem = "(" item ")"
|
||
|
||
where item is as defined below (adapted from RFC2254 [14]).
|
||
|
||
item = simple / present / substring / extensible
|
||
simple = attr filtertype value
|
||
filtertype = equal / approx / greater / less
|
||
equal = "="
|
||
approx = "~="
|
||
greater = ">="
|
||
less = "<="
|
||
extensible = attr [":" matchingrule] ":=" value
|
||
/ ":" matchingrule ":=" value
|
||
present = attr "=*"
|
||
substring = attr "=" [initial] any [final]
|
||
initial = value
|
||
any = "*" *(value "*")
|
||
final = value
|
||
attr = AttributeDescription from Section 4.1.5 of [1]
|
||
matchingrule = MatchingRuleId from Section 4.1.9 of [1]
|
||
value = AttributeValue from Section 4.1.6 of [1]
|
||
|
||
1) The first example shows how the control can be set to return all
|
||
attribute values from one attribute type (e.g., telephoneNumber)
|
||
and a subset of values from another attribute type (e.g., mail).
|
||
|
||
The entries below represent organizationalPerson object classes
|
||
located somewhere beneath the distinguished name dc=ac,dc=uk.
|
||
|
||
dn: cn=Sean Mullan,ou=people,dc=sun,dc=ac,dc=uk
|
||
cn: Sean Mullan
|
||
sn: Mullan
|
||
objectClass: organizationalPerson
|
||
objectClass: person
|
||
objectClass: inetOrgPerson
|
||
mail: sean.mullan@hotmail.com
|
||
mail: mullan@east.sun.com
|
||
telephoneNumber: + 781 442 0926
|
||
telephoneNumber: 555-9999
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 5]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
dn: cn=David Chadwick,ou=isi,o=salford,dc=ac,dc=uk
|
||
cn: David Chadwick
|
||
sn: Chadwick
|
||
objectClass: organizationalPerson
|
||
objectClass: person
|
||
objectClass: inetOrgPerson
|
||
mail: d.w.chadwick@salford.ac.uk
|
||
|
||
An LDAP search operation is specified with a baseObject set to the DN
|
||
of the search base (i.e., dc=ac,dc=uk), a subtree scope, a filter set
|
||
to (sn=mullan), and the list of attributes to be returned set to
|
||
"mail,telephoneNumber" or "*". In addition, a ValuesReturnFilter
|
||
control is set to ((mail=*hotmail.com)(telephoneNumber=*)).
|
||
|
||
The search results returned by the server would consist of the
|
||
following entry:
|
||
|
||
dn: cn=Sean Mullan,ou=people,dc=sun,dc=ac,dc=uk
|
||
mail: sean.mullan@hotmail.com
|
||
telephoneNumber: + 781 442 0926
|
||
telephoneNumber: 555-9999
|
||
|
||
Note that the control has no effect on the values returned for the
|
||
"telephoneNumber" attribute (all of the values are returned), since
|
||
the control specified that all values should be returned.
|
||
|
||
2) The second example shows how one might retrieve a single attribute
|
||
type subschema definition for the "gunk" attribute with OID
|
||
1.2.3.4.5 from the subschema subentry.
|
||
|
||
Assume the subschema subentry is held below the root entry with DN
|
||
cn=subschema subentry,o=myorg and this holds an attributeTypes
|
||
operational attribute holding the descriptions of the 35 attributes
|
||
known to this server (each description is held as a single attribute
|
||
value of the attributeTypes attribute).
|
||
|
||
dn: cn=subschema subentry,o=myorg
|
||
cn: subschema subentry
|
||
objectClass: subschema
|
||
attributeTypes: ( 2.5.4.3 NAME 'cn' SUP name )
|
||
attributeTypes: ( 2.5.4.6 NAME 'c' SUP name SINGLE-VALUE )
|
||
attributeTypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY obj
|
||
ectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
||
attributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY gen
|
||
eralizedTimeMatch ORDERING generalizedTimeOrderingMatch SYN
|
||
TAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-
|
||
MODIFICATION USAGE directoryOperation )
|
||
attributeTypes: ( 2.5.21.6 NAME 'objectClasses' EQUALITY obj
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 6]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
ectIdentifierFirstComponentMatch SYNTAX 1.3.
|
||
6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
|
||
attributeTypes: ( 1.2.3.4.5 NAME 'gunk' EQUALITY caseIgnoreMat
|
||
ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.
|
||
6.1.4.1.1466.115.121.1.44{64} )
|
||
attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' EQUALITY obj
|
||
ectIdentifierFirstComponentMatch SYNTAX 1.3.
|
||
6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
|
||
|
||
plus another 28 - you get the idea.
|
||
|
||
The user creates an LDAP search operation with a baseObject set to
|
||
cn=subschema subentry,o=myorg, a scope of base, a filter set to
|
||
(objectClass=subschema), the list of attributes to be returned set to
|
||
"attributeTypes", and the ValuesReturnFilter set to
|
||
((attributeTypes=1.2.3.4.5))
|
||
|
||
The search result returned by the server would consist of the
|
||
following entry:
|
||
|
||
dn: cn=subschema subentry,o=myorg
|
||
attributeTypes: ( 1.2.3.4.5 NAME 'gunk' EQUALITY caseIgnoreMat
|
||
ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.
|
||
6.1.4.1.1466.115.121.1.44{64} )
|
||
|
||
3) The final example shows how the control can be used to match on a
|
||
userCertificate attribute value. Note that this example requires
|
||
the LDAP server to support the certificateExactMatch matching rule
|
||
defined in [12] as the EQUALITY matching rule for userCertificate.
|
||
|
||
The entry below represents a pkiUser object class stored in the
|
||
directory.
|
||
|
||
dn: cn=David Chadwick,ou=people,o=University of Salford,c=gb
|
||
cn: David Chadwick
|
||
objectClass: person
|
||
objectClass: organizationalPerson
|
||
objectClass: pkiUser
|
||
objectClass: inetOrgPerson
|
||
sn: Chadwick
|
||
mail: d.w.chadwick@salford.ac.uk
|
||
userCertificate;binary: {binary representation of a certificate with
|
||
a serial number of 2468 issued by o=truetrust ltd,c=gb}
|
||
userCertificate;binary: {binary representation of certificate with a
|
||
serial number of 1357 issued by o=truetrust ltd,c=gb}
|
||
userCertificate;binary: {binary representation of certificate with a
|
||
serial number of 1234 issued by dc=certsRus,dc=com}
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 7]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
An LDAP search operation is specified with a baseObject set to
|
||
o=University of Salford,c=gb, a subtree scope, a filter set to
|
||
(sn=chadwick), and the list of attributes to be returned set to
|
||
"userCertificate;binary". In addition, a ValuesReturnFilter control
|
||
is set to ((userCertificate=1357$o=truetrust ltd,c=gb)).
|
||
|
||
The search result returned by the server would consist of the
|
||
following entry:
|
||
|
||
dn: cn=David Chadwick,ou=people,o=University of Salford,c=gb
|
||
userCertificate;binary: {binary representation of certificate with a
|
||
serial number of 1357 issued by o=truetrust ltd,c=gb}
|
||
|
||
6. Security Considerations
|
||
|
||
This document does not primarily discuss security issues.
|
||
|
||
Note however that attribute values MUST only be returned if the
|
||
access controls applied by the LDAP server allow them to be returned,
|
||
and in this respect the effect of the ValuesReturnFilter control is
|
||
of no consequence.
|
||
|
||
Note that the ValuesReturnFilter control may have a positive effect
|
||
on the deployment of public key infrastructures. Certain PKI
|
||
operations, like searching for specific certificates, become more
|
||
scalable, and more practical when combined with X.509 certificate
|
||
matching rules at the server, since the control avoids the
|
||
downloading of potentially large numbers of irrelevant certificates
|
||
which would have to be processed and filtered locally (which in some
|
||
cases is very difficult to perform).
|
||
|
||
7. IANA Considerations
|
||
|
||
The Matched Values control as an LDAP Protocol Mechanism [7] has been
|
||
registered as follows:
|
||
|
||
Subject: Request for LDAP Protocol Mechanism Registration
|
||
|
||
Object Identifier: 1.2.826.0.1.3344810.2.3
|
||
Description: Matched Values Control
|
||
Person & email address to contact for further information:
|
||
David Chadwick <d.w.chadwick@salford.ac.uk>
|
||
Usage: Control
|
||
Specification: RFC3876
|
||
Author/Change Controller: IESG
|
||
Comments: none
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 8]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
This document uses the OID 1.2.826.0.1.3344810.2.3 to identify the
|
||
matchedValues control described here. This OID was assigned by
|
||
TrueTrust Ltd, under its BSI assigned English/Welsh Registered
|
||
Company number [16].
|
||
|
||
8. Acknowledgements
|
||
|
||
The authors would like to thank members of the LDAPExt list for their
|
||
constructive comments on earlier versions of this document, and in
|
||
particular to Harald Alvestrand who first suggested having an
|
||
attribute return filter and Bruce Greenblatt who first proposed a
|
||
syntax for this control.
|
||
|
||
9. References
|
||
|
||
9.1. Normative References
|
||
|
||
[1] Bradner, S., "The Internet Standards Process -- Revision 3", BCP
|
||
9, RFC 2026, October 1996.
|
||
|
||
[2] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access
|
||
Protocol (w3)", RFC 2251, December 1997.
|
||
|
||
[3] Wahl, M., Coulbeck, A., Howes, T., and S. Kille, "Lightweight
|
||
Directory Access Protocol (v3): Attribute Syntax Definitions",
|
||
RFC 2252, December 1997.
|
||
|
||
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
|
||
Levels", BCP 14, RFC 2119, March 1997.
|
||
|
||
[5] ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998,
|
||
Information Technology - Abstract Syntax Notation One (ASN.1):
|
||
Specification of Basic Notation
|
||
|
||
[6] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1,2,3:1998
|
||
Information technology - ASN.1 encoding rules: Specification of
|
||
Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and
|
||
Distinguished Encoding Rules (DER)
|
||
|
||
[7] Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
|
||
Considerations for the Lightweight Directory Access Protocol
|
||
(LDAP)", BCP 64, RFC 3383, September 2002.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 9]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
9.2. Informative References
|
||
|
||
[8] ITU-T Rec. X.511, "The Directory: Abstract Service Definition",
|
||
1993.
|
||
|
||
[9] ISO/IEC 9594 / ITU-T Rec X.511 (2001) The Directory: Abstract
|
||
Service Definition.
|
||
|
||
[10] Sermersheim, J., "LDAP Control for a Duplicate Entry
|
||
Representation of Search Results", Work in Progress, October
|
||
2000.
|
||
|
||
[11] Good, G., "The LDAP Data Interchange Format (LDIF) - Technical
|
||
Specification", RFC 2849, June 2000.
|
||
|
||
[12] Chadwick, D. and S.Legg, "Internet X.509 Public Key
|
||
Infrastructure - Additional LDAP Schema for PKIs", Work in
|
||
Progress, June 2002
|
||
|
||
[13] Howes, T., Wahl, M., and A. Anantha, "LDAP Control Extension for
|
||
Server Side Sorting of Search Results", RFC 2891, August 2000.
|
||
|
||
[14] Howes, T., "The String Representation of LDAP Search Filters",
|
||
RFC 2254, December 1997.
|
||
|
||
[15] Crocker, D. and P. Overell, "Augmented BNF for Syntax
|
||
Specifications: ABNF", RFC 2234, November 1997.
|
||
|
||
[16] BRITISH STANDARD BS 7453 Part 1. Procedures for UK Registration
|
||
for Open System Standards Part 1: Procedures for the UK Name
|
||
Registration Authority.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 10]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
10. Authors' Addresses
|
||
|
||
David Chadwick
|
||
IS Institute
|
||
University of Salford
|
||
Salford M5 4WT
|
||
England
|
||
|
||
Phone: +44 161 295 5351
|
||
EMail: d.w.chadwick@salford.ac.uk
|
||
|
||
|
||
Sean Mullan
|
||
Sun Microsystems
|
||
One Network Drive
|
||
Burlington, MA 01803
|
||
USA
|
||
|
||
EMail: sean.mullan@sun.com
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 11]
|
||
|
||
RFC 3876 Returning Matched Values with LDAPv3 September 2004
|
||
|
||
|
||
11. Full Copyright Statement
|
||
|
||
Copyright (C) The Internet Society (2004).
|
||
|
||
This document is subject to the rights, licenses and restrictions
|
||
contained in BCP 78, and except as set forth therein, the authors
|
||
retain all their rights.
|
||
|
||
This document and the information contained herein are provided on an
|
||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
|
||
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
|
||
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
|
||
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
|
||
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
Intellectual Property
|
||
|
||
The IETF takes no position regarding the validity or scope of any
|
||
Intellectual Property Rights or other rights that might be claimed to
|
||
pertain to the implementation or use of the technology described in
|
||
this document or the extent to which any license under such rights
|
||
might or might not be available; nor does it represent that it has
|
||
made any independent effort to identify any such rights. Information
|
||
on the IETF's procedures with respect to rights in IETF Documents can
|
||
be found in BCP 78 and BCP 79.
|
||
|
||
Copies of IPR disclosures made to the IETF Secretariat and any
|
||
assurances of licenses to be made available, or the result of an
|
||
attempt made to obtain a general license or permission for the use of
|
||
such proprietary rights by implementers or users of this
|
||
specification can be obtained from the IETF on-line IPR repository at
|
||
http://www.ietf.org/ipr.
|
||
|
||
The IETF invites any interested party to bring to its attention any
|
||
copyrights, patents or patent applications, or other proprietary
|
||
rights that may cover technology that may be required to implement
|
||
this standard. Please address the information to the IETF at ietf-
|
||
ipr@ietf.org.
|
||
|
||
Acknowledgement
|
||
|
||
Funding for the RFC Editor function is currently provided by the
|
||
Internet Society.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Chadwick & Mullan Standards Track [Page 12]
|
||
|