mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
620 lines
22 KiB
Plaintext
620 lines
22 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
INTERNET-DRAFT Kurt D. Zeilenga
|
||
Intended Category: Standard Track OpenLDAP Foundation
|
||
Date: 17 May 2002 Steven Legg
|
||
Expires in six months Adacel Technologies
|
||
|
||
|
||
Subentries in LDAP
|
||
<draft-zeilenga-ldap-subentry-05.txt>
|
||
|
||
|
||
Status of this Memo
|
||
|
||
This document is an Internet-Draft and is in full conformance with all
|
||
provisions of Section 10 of RFC2026.
|
||
|
||
This document is intended to be, after appropriate review and
|
||
revision, submitted to the RFC Editor as a Standard Track document.
|
||
Distribution of this memo is unlimited. Technical discussion of this
|
||
document will take place on the IETF LDAP Extension Working Group
|
||
mailing list <ietf-ldapext@netscape.com>. Please send editorial
|
||
comments directly to the author <Kurt@OpenLDAP.org>.
|
||
|
||
Internet-Drafts are working documents of the Internet Engineering Task
|
||
Force (IETF), its areas, and its working groups. Note that other
|
||
groups may also distribute working documents as Internet-Drafts.
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference
|
||
material or to cite them other than as ``work in progress.''
|
||
|
||
The list of current Internet-Drafts can be accessed at
|
||
<http://www.ietf.org/ietf/1id-abstracts.txt>. The list of
|
||
Internet-Draft Shadow Directories can be accessed at
|
||
<http://www.ietf.org/shadow.html>.
|
||
|
||
Copyright 2002, The Internet Society. All Rights Reserved.
|
||
|
||
Please see the Copyright section near the end of this document for
|
||
more information.
|
||
|
||
|
||
Abstract
|
||
|
||
In X.500 directories, subentries are special entries used to hold
|
||
information associated with a subtree or subtree refinement. This
|
||
document adapts X.500 subentries mechanisms for use with Lightweight
|
||
Directory Access Protocol (LDAP).
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 1]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
Conventions
|
||
|
||
Schema definitions are provided using LDAP description formats
|
||
[RFC2252]. Definitions provided here are formatted (line wrapped) for
|
||
readability.
|
||
|
||
Protocol elements are described using ASN.1 [X.680]. The term
|
||
"BER-encoded" means the element is to be encoded using the Basic
|
||
Encoding Rules [X.690] under the restrictions detailed in Section 5.1
|
||
of [RFC2251].
|
||
|
||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||
document are to be interpreted as described in BCP 14 [RFC2119].
|
||
|
||
|
||
1. Overview
|
||
|
||
From [X.501]:
|
||
A subentry is a special kind of entry immediately subordinate to
|
||
an administrative point. It contains attributes that pertain to a
|
||
subtree (or subtree refinement) associated with its administrative
|
||
point. The subentries and their administrative point are part of
|
||
the same naming context.
|
||
|
||
A single subentry may serve all or several aspects of
|
||
administrative authority. Alternatively, a specific aspect of
|
||
administrative authority may be handled through one or more of its
|
||
own subentries.
|
||
|
||
Subentries in Lightweight Directory Access Protocol (LDAP) [LDAPTS]
|
||
SHALL behave in accordance with X.501 unless noted otherwise in this
|
||
specification.
|
||
|
||
In absence of the subentries control (detailed in Section 3),
|
||
subentries SHALL NOT be considered in one-level and subtree scope
|
||
search operations. For all other operations, including base scope
|
||
search operations, subentries SHALL be considered.
|
||
|
||
|
||
2. Subentry Schema
|
||
|
||
2.1. Subtree Specification Syntax
|
||
|
||
The Subtree Specification syntax provides a general purpose mechanism
|
||
for the specification of a subset of entries in a subtree of the
|
||
Directory Information Tree (DIT). A subtree begins at some base entry
|
||
and includes the subordinates of that entry down to some identified
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 2]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
lower boundary, possibly extending to the leaf entries. A subtree
|
||
specification is always used within a context or scope which
|
||
implicitly determines the bounds of the subtree. For example, the
|
||
scope of a subtree specification for a subschema administrative area
|
||
does not include the subtrees of any subordinate administrative point
|
||
entries for subschema administration. Where a subtree specification
|
||
does not identify a contiguous subset of the entries within a single
|
||
subtree the collection is termed a subtree refinement.
|
||
|
||
This syntax corresponds to the SubtreeSpecification ASN.1 type
|
||
described in [X.501], Section 11.3. This ASN.1 data type definition
|
||
is reproduced here for completeness.
|
||
|
||
SubtreeSpecification ::= SEQUENCE {
|
||
base [0] LocalName DEFAULT { },
|
||
COMPONENTS OF ChopSpecification,
|
||
specificationFilter [4] Refinement OPTIONAL }
|
||
|
||
|
||
LocalName ::= RDNSequence
|
||
|
||
ChopSpecification ::= SEQUENCE {
|
||
specificExclusions [1] SET OF CHOICE {
|
||
chopBefore [0] LocalName,
|
||
chopAfter [1] LocalName } OPTIONAL,
|
||
minimum [2] BaseDistance DEFAULT 0,
|
||
maximum [3] BaseDistance OPTIONAL}
|
||
|
||
BaseDistance ::= INTEGER (0 .. MAX)
|
||
|
||
Refinement ::= CHOICE {
|
||
item [0] OBJECT-CLASS.&id,
|
||
and [1] SET OF Refinement,
|
||
or [2] SET OF Refinement,
|
||
not [3] Refinement }
|
||
|
||
The components of SubtreeSpecification are: base, which identifies the
|
||
base entry of the subtree or subtree refinement, and
|
||
specificExclusions, minimum, maximum and specificationFilter, which
|
||
then reduce the set of subordinate entries of the base entry. The
|
||
subtree or subtree refinement contains all the entries within scope
|
||
that are not excluded by any of the components of the subtree
|
||
specification. When all of the components of SubtreeSpecification are
|
||
absent (i.e. when a value of the Subtree Specification syntax is the
|
||
empty sequence, {}), the subtree so specified implicitly includes all
|
||
the entries within scope.
|
||
|
||
Any particular use of this mechanism MAY impose limitations or
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 3]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
constraints on the components of SubtreeSpecification.
|
||
|
||
The LDAP syntax specification is:
|
||
|
||
( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
|
||
|
||
The native LDAP encoding of values of this syntax is defined by the
|
||
Generic String Encoding Rules [GSER]. Appendix A provides an
|
||
equivalent ABNF for this syntax.
|
||
|
||
|
||
2.1.1. Base
|
||
|
||
The base component of SubtreeSpecification nominates the base entry of
|
||
the subtree or subtree refinement. The base entry may be an entry
|
||
which is subordinate to the root entry of the scope in which the
|
||
subtree specification is used, in which case the base component
|
||
contains a sequence of RDNs relative to the root entry of the scope,
|
||
or may be the root entry of the scope itself (the default), in which
|
||
case the base component is absent or contains an empty sequence of
|
||
RDNs.
|
||
|
||
Entries that are not subordinates of the base entry are excluded from
|
||
the subtree or subtree refinement.
|
||
|
||
|
||
2.1.2. Specific Exclusions
|
||
|
||
The specificExclusions component of a ChopSpecification is a list of
|
||
exclusions that specify entries and their subordinates to be excluded
|
||
from the the subtree or subtree refinement. The entry is specified by
|
||
a sequence of RDNs relative to the base entry (i.e. a LocalName).
|
||
Each exclusion is of either the chopBefore or chopAfter form. If the
|
||
chopBefore form is used then the specified entry and its subordinates
|
||
are excluded from the subtree or subtree refinement. If the chopAfter
|
||
form is used then only the subordinates of the specified entry are
|
||
excluded from the subtree or subtree refinement.
|
||
|
||
|
||
2.1.3. Minimum and Maximum
|
||
|
||
The minimum and maximum components of a ChopSpecification allow the
|
||
exclusion of entries based on their depth in the DIT.
|
||
|
||
Entries that are less than the minimum number of RDN arcs below the
|
||
base entry are excluded from the subtree or subtree refinement. A
|
||
minimum value of zero (the default) corresponds to the base entry.
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 4]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
Entries that are more than the maximum number of RDN arcs below the
|
||
base entry are excluded from the subtree or subtree refinement. An
|
||
absent maximum component indicates that there is no upper limit on the
|
||
number of RDN arcs below the base entry for entries in the subtree or
|
||
subtree refinement.
|
||
|
||
2.1.4. Specification Filter
|
||
|
||
The specificationFilter component is a boolean expression of
|
||
assertions about the values of the objectClass attribute of the base
|
||
entry and its subordinates. A Refinement assertion item evaluates to
|
||
true for an entry if that entry's objectClass attribute contains the
|
||
OID nominated in the assertion. Entries for which the overall filter
|
||
evaluates to false are excluded from the subtree refinement. If the
|
||
specificationFilter is absent then no entries are excluded from the
|
||
subtree or subtree refinement because of their objectClass attribute
|
||
values.
|
||
|
||
|
||
2.2. Administrative Role Attribute Type
|
||
|
||
The Administrative Model defined in [X.501], clause 10 requires that
|
||
administrative entries contain an administrativeRole attribute to
|
||
indicate that the associated administrative area is concerned with one
|
||
or more administrative roles.
|
||
|
||
The administrativeRole operational attribute is specified as follows:
|
||
|
||
( 2.5.18.5 NAME 'administrativeRole'
|
||
EQUALITY objectIdentifierMatch
|
||
USAGE directoryOperation
|
||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
||
|
||
The possible values of this attribute defined in X.501 are:
|
||
|
||
OID NAME
|
||
-------- -------------------------------
|
||
2.5.23.1 autonomousArea
|
||
2.5.23.2 accessControlSpecificArea
|
||
2.5.23.3 accessControlInnerArea
|
||
2.5.23.4 subschemaAdminSpecificArea
|
||
2.5.23.5 collectiveAttributeSpecificArea
|
||
2.5.23.6 collectiveAttributeInnerArea
|
||
|
||
Other values may be defined in other specifications. Names associated
|
||
with each administrative role are Object Identifier Descriptors
|
||
[LDAPIANA].
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 5]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
The administrativeRole operational attribute is also used to regulate
|
||
the subentries permitted to be subordinate to an administrative entry.
|
||
A subentry not of a class permitted by the administrativeRole
|
||
attribute cannot be subordinate to the administrative entry.
|
||
|
||
|
||
2.3. Subtree Specification Attribute Type
|
||
|
||
The subtreeSpecification operational attribute is defined as follows:
|
||
|
||
( 2.5.18.6 NAME 'subtreeSpecification'
|
||
SINGLE-VALUE
|
||
USAGE directoryOperation
|
||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )
|
||
|
||
This attribute is present in all subentries. See [X.501], clause 10.
|
||
Values of the subtreeSpecification attribute nominate collections of
|
||
entries within the DIT for one or more aspects of administrative
|
||
authority.
|
||
|
||
|
||
2.4. Subentry Object Class
|
||
|
||
The subentry object class is a structural object class.
|
||
|
||
( 2.5.20.0 NAME 'subentry'
|
||
SUP top STRUCTURAL
|
||
MUST ( cn $ subtreeSpecification ) )
|
||
|
||
|
||
3. Subentries Control
|
||
|
||
The subentries control MAY be sent with a searchRequest to control the
|
||
visibility of entries and subentries which are within scope.
|
||
Non-visible entries or subentries are not returned in response to the
|
||
request.
|
||
|
||
The subentries control is an LDAP Control whose controlType is
|
||
1.3.6.1.4.1.4203.1.10.1, criticality is TRUE or FALSE (hence absent),
|
||
and controlValue contains a BER-encoded BOOLEAN indicating visibility.
|
||
A controlValue containing the value TRUE indicates that subentries are
|
||
visible and normal entries are not. A controlValue containing the
|
||
value FALSE indicates that normal entries are visible and subentries
|
||
are not.
|
||
|
||
Note that TRUE visibility has the three octet encoding { 01 01 FF }
|
||
and FALSE visibility has the three octet encoding { 01 01 00 }.
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 6]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
The controlValue SHALL NOT be absent.
|
||
|
||
In absence of this control, subentries are not visible to singleLevel
|
||
and wholeSubtree scope Search requests but are visible to baseObject
|
||
scope Search requests.
|
||
|
||
There is no corresponding response control.
|
||
|
||
This control is not appropriate for non-Search operations.
|
||
|
||
|
||
4. Security Considerations
|
||
|
||
Subentries often hold administrative information or other sensitive
|
||
information and should be protected from unauthorized access and
|
||
disclosure as described in [RFC2829][RFC2830].
|
||
|
||
General LDAP [LDAPTS] security considerations also apply.
|
||
|
||
|
||
5. IANA Considerations
|
||
|
||
5.1 Descriptors
|
||
|
||
It is requested that IANA register the LDAP descriptors used in this
|
||
document per the following registration template:
|
||
|
||
Subject: Request for LDAP Descriptor Registration
|
||
Descriptor (short name): see comment
|
||
Object Identifier: see comment
|
||
Person & email address to contact for further information:
|
||
Kurt Zeilenga <kurt@OpenLDAP.org>
|
||
Usage: see comment
|
||
Specification: RFCXXXX
|
||
Author/Change Controller: IESG
|
||
Comments:
|
||
|
||
NAME Type OID
|
||
------------------------ ---- --------
|
||
accessControlInnerArea R 2.5.23.3
|
||
accessControlSpecificArea R 2.5.23.2
|
||
administrativeRole A 2.5.18.5
|
||
autonomousArea R 2.5.23.1
|
||
collectiveAttributeInnerArea R 2.5.23.6
|
||
collectiveAttributeSpecificArea R 2.5.23.5
|
||
subentry O 2.5.20.0
|
||
subschemaAdminSpecificArea R 2.5.23.4
|
||
subtreeSpecification A 2.5.18.6
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 7]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
where Type A is Attribute, Type O is ObjectClass, and Type R is
|
||
Administrative Role.
|
||
|
||
|
||
5.2 Object Identifiers
|
||
|
||
No IANA assignment of object identifiers is requested.
|
||
|
||
This document uses the OID 1.3.6.1.4.1.4203.1.10.1 to identify an LDAP
|
||
protocol element defined herein. This OID was assigned [ASSIGN] by
|
||
OpenLDAP Foundation under its IANA assigned private enterprise
|
||
allocation [PRIVATE] for use in this specification.
|
||
|
||
Other OIDs which appear in this document were either assigned by the
|
||
ISO/IEC Joint Technical Committee 1 - Subcommitte 6 to identify
|
||
elements of X.500 schema or assigned in RFC 2252 for the use described
|
||
here.
|
||
|
||
|
||
6. Acknowledgment
|
||
|
||
This document is based on engineering done by IETF LDUP and LDAPext
|
||
Working Groups including "LDAP Subentry Schema" by Ed Reed. This
|
||
document also borrows from a number of ITU documents including X.501.
|
||
|
||
|
||
7. Authors' Addresses
|
||
|
||
Kurt D. Zeilenga
|
||
OpenLDAP Foundation
|
||
|
||
Email: Kurt@OpenLDAP.org
|
||
|
||
Steven Legg
|
||
Adacel Technologies Ltd.
|
||
405-409 Ferntree Gully Road
|
||
Mount Waverley, Victoria 3149
|
||
AUSTRALIA
|
||
|
||
Phone: +61 3 9451 2107
|
||
Fax: +61 3 9541 2121
|
||
EMail: steven.legg@adacel.com.au
|
||
|
||
|
||
8. Normative References
|
||
|
||
[X.501] ITU-T, "The Directory -- Models," X.501, 1993.
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 8]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
[X.680] ITU-T, "Abstract Syntax Notation One (ASN.1) -
|
||
Specification of Basic Notation", X.680, 1994.
|
||
|
||
[X.690] ITU-T, "Specification of ASN.1 encoding rules: Basic,
|
||
Canonical, and Distinguished Encoding Rules", X.690, 1994.
|
||
|
||
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
|
||
Requirement Levels", BCP 14 (was RFC 2119), March 1997.
|
||
|
||
[RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access
|
||
Protocol (v3)", RFC 2251, December 1997.
|
||
|
||
[RFC2252] M. Wahl, A. Coulbeck, T. Howes, S. Kille, "Lightweight
|
||
Directory Access Protocol (v3): Attribute Syntax
|
||
Definitions", RFC 2252, December 1997.
|
||
|
||
[RFC2829] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan,
|
||
"Authentication Methods for LDAP", RFC 2829, May 2000
|
||
|
||
[RFC2830] J. Hodges, R. Morgan, M. Wahl, "Lightweight Directory
|
||
Access Protocol (v3): Extension for Transport Layer
|
||
Security", RFC 2830, May 2000.
|
||
|
||
[LDAPTS] J. Hodges, R.L. Morgan, "Lightweight Directory Access
|
||
Protocol (v3): Technical Specification",
|
||
draft-ietf-ldapbis-ldapv3-ts-xx.txt, a work in progress.
|
||
|
||
[GSER] S. Legg, "Generic String Encoding Rules for ASN.1 Types",
|
||
draft-legg-ldapext-gser--xx.txt, a work in progress.
|
||
|
||
[LDAPIANA] K. Zeilenga, "IANA Considerations for LDAP", draft-ietf-
|
||
ldapbis-iana-xx.txt, a work in progress.
|
||
|
||
|
||
9. Informative References
|
||
|
||
[RFC2234] D. Crocker, P. Overell, "Augmented BNF for Syntax
|
||
Specifications: ABNF", RFC 2234, November 1997.
|
||
|
||
[GCE] S. Legg, "Common Elements of GSER Encodings",
|
||
draft-legg-ldap-gser-abnf-xx.txt, a work in progress.
|
||
|
||
[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations",
|
||
http://www.openldap.org/foundation/oid-delegate.txt.
|
||
|
||
[PRIVATE] IANA, "Private Enterprise Numbers",
|
||
http://www.iana.org/assignments/enterprise-numbers.
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 9]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
A. Subtree Specification ABNF
|
||
|
||
This appendix is non-normative.
|
||
|
||
The LDAP-specific native string encoding for the Subtree Specification
|
||
syntax is specified by the Generic String Encoding Rules [GSER]. The
|
||
ABNF [RFC2234] in this appendix for this syntax is provided only as a
|
||
convenience and is equivalent to the encoding specified by the
|
||
application of [GSER]. Since the SubtreeSpecification ASN.1 type may
|
||
be extended in future editions of [X.501], the provided ABNF should be
|
||
regarded as a snapshot in time. The native LDAP encoding for any
|
||
extension to the SubtreeSpecification ASN.1 type can be determined
|
||
from [GSER].
|
||
|
||
In the event that there is a discrepancy between this ABNF and the
|
||
encoding determined by [GSER], [GSER] is to be taken as definitive.
|
||
|
||
SubtreeSpecification = "{" [ sp base ]
|
||
[ sep sp specificExclusions ]
|
||
[ sep sp minimum ]
|
||
[ sep sp maximum ]
|
||
[ sep sp specificationFilter ]
|
||
sp "}"
|
||
|
||
base = id-base msp LocalName
|
||
specificExclusions = id-specificExclusions msp SpecificExclusions
|
||
minimum = id-minimum msp BaseDistance
|
||
maximum = id-maximum msp BaseDistance
|
||
specificationFilter = id-specificationFilter msp Refinement
|
||
|
||
id-base = %x62.61.73.65 ; "base"
|
||
id-specificExclusions = %x73.70.65.63.69.66.69.63.45.78.63.6C.75.73
|
||
%x69.6F.6E.73 ; "specificExclusions"
|
||
id-minimum = %x6D.69.6E.69.6D.75.6D ; "minimum"
|
||
id-maximum = %x6D.61.78.69.6D.75.6D ; "maximum"
|
||
id-specificationFilter = %x73.70.65.63.69.66.69.63.61.74.69.6F.6E.46
|
||
%x69.6C.74.65.72 ; "specificationFilter"
|
||
|
||
SpecificExclusions = "{" sp SpecificExclusion
|
||
*( "," sp SpecificExclusion ) sp "}"
|
||
SpecificExclusion = chopBefore / chopAfter
|
||
chopBefore = id-chopBefore ":" LocalName
|
||
chopAfter = id-chopAfter ":" LocalName
|
||
id-chopBefore = %x63.68.6F.70.42.65.66.6F.72.65 ; "chopBefore"
|
||
id-chopAfter = %x63.68.6F.70.41.66.74.65.72 ; "chopAfter"
|
||
|
||
Refinement = item / and / or / not
|
||
item = id-item ":" OBJECT-IDENTIFIER
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 10]
|
||
|
||
INTERNET-DRAFT Subentries in LDAP 17 May 2002
|
||
|
||
|
||
and = id-and ":" Refinements
|
||
or = id-or ":" Refinements
|
||
not = id-not ":" Refinement
|
||
Refinements = "{" [ sp Refinement
|
||
*( "," sp Refinement ) ] sp "}"
|
||
id-item = %x69.74.65.6D ; "item"
|
||
id-and = %x61.6E.64 ; "and"
|
||
id-or = %x6F.72 ; "or"
|
||
id-not = %x6E.6F.74 ; "not"
|
||
|
||
BaseDistance = INTEGER
|
||
|
||
The <sp>, <msp>, <sep>, <INTEGER>, <OBJECT-IDENTIFIER> and <LocalName>
|
||
rules are defined in [GCE].
|
||
|
||
|
||
Copyright 2002, The Internet Society. All Rights Reserved.
|
||
|
||
This document and translations of it may be copied and furnished to
|
||
others, and derivative works that comment on or otherwise explain it
|
||
or assist in its implementation may be prepared, copied, published and
|
||
distributed, in whole or in part, without restriction of any kind,
|
||
provided that the above copyright notice and this paragraph are
|
||
included on all such copies and derivative works. However, this
|
||
document itself may not be modified in any way, such as by removing
|
||
the copyright notice or references to the Internet Society or other
|
||
Internet organizations, except as needed for the purpose of
|
||
developing Internet standards in which case the procedures for
|
||
copyrights defined in the Internet Standards process must be followed,
|
||
or as required to translate it into languages other than English.
|
||
|
||
The limited permissions granted above are perpetual and will not be
|
||
revoked by the Internet Society or its successors or assigns.
|
||
|
||
This document and the information contained herein is provided on an
|
||
"AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE INTERNET
|
||
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
|
||
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
|
||
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Zeilenga draft-zeilenga-ldap-subentry-05 [Page 11]
|
||
|