[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Critical controls
At 03:33 PM 11/22/00 -0500, Mark Smith wrote:
>Jim Sermersheim wrote:
>
>> RFC 2251 states in section 4.1.12"If the server does not recognize
>> the control type and the criticality field is TRUE, the server MUST
>> NOT perform the operation, and MUST instead return the resultCode
>> unavailableCriticalExtension."and"If the control is not appropriate
>> for the operation and criticality field is TRUE, the server MUST NOT
>> perform the operation, and MUST instead return the resultCode
>> unavailableCriticalExtension." There is a problem in that LDAP doesn't
>> define an unbindResponse or an abandonResponse, thus can't return
>> unavailableCriticalExtension. When an unbind or abandon operation is
>> paired with an unrecognized or inappropriate critical control, is it
>> best to not perform the operation, or ignore the control? Jim
>
>Good question. Maybe we say that clients MUST NOT send critical
>controls with abandon or unbind requests. We could specify that servers
>SHOULD treat all controls that are marked critical that arrive with an
>abandonRequest or unbindRequest as not critical. Not very clean, but we
>have to make a choice.
I suggest different handling for abandon then unbind.
A abandon request with an unrecognized or inappropriate critical
control should be ignored by the server.
A unbind request with an unrecognized or inappropriate critical
control should be processed by the server as if the control was
not critical.
Kurt