RFC 2251 states in section 4.1.12
"If the server does not recognize the control type and the criticality
field is TRUE, the server MUST NOT perform the operation, and MUST instead
return the resultCode unavailableCriticalExtension."
and
"If the control is not appropriate for the operation and criticality field
is TRUE, the server MUST NOT perform the operation, and MUST instead return the
resultCode unavailableCriticalExtension."
There is a problem in that LDAP doesn't define an unbindResponse or an
abandonResponse, thus can't return unavailableCriticalExtension. When an unbind
or abandon operation is paired with an unrecognized or inappropriate critical
control, is it best to not perform the operation, or ignore the control?
Jim
|