[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: I-D ACTION:draft-ietf-ldapbis-url-05.txt

To: "Mark Smith" <mcs@pearlcrescent.com>, <andrew.sciberras@adacel.com>
Subject: RE: I-D ACTION:draft-ietf-ldapbis-url-05.txt
From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Date: Tue, 17 Feb 2004 11:14:55 +1100
Cc: <howes@opsware.com>, <ietf-ldapbis@OpenLDAP.org>
Content-class: urn:content-classes:message
Thread-index: AcP04fNlfeJpzz0RQT+qbpnO09m4pAACJYhw
Thread-topic: I-D ACTION:draft-ietf-ldapbis-url-05.txt

Why are they called extensions and not controls? It looks a bit misleading to me. (LDAP can be extended in a number of ways.)

As regards the action to be taken when a control is present, can't you simply refer to the protocol spec?

Ron

-----Original Message-----
From: owner-ietf-ldapbis@OpenLDAP.org
[mailto:owner-ietf-ldapbis@OpenLDAP.org]On Behalf Of Mark Smith
Sent: Tuesday, 17 February 2004 10:05
To: andrew.sciberras@adacel.com
Cc: howes@opsware.com; ietf-ldapbis@OpenLDAP.org
Subject: Re: I-D ACTION:draft-ietf-ldapbis-url-05.txt

Andrew Sciberras wrote:

> G'day,
> 
> Just some comments:
> 
> 
> Section 4. Introduction.
> Include "MUST NOT" and "SHOULD NOT" in the final paragraph.

Good catch.  I will add those.

> Section 5. URL Definition
> 
> 
>>SLASH = %x5C; forward slash ("/")
> 
> %x5C is the backslash, use %x2F instead.

Oops.  Thanks; I will fix it.

>>The "ldap" prefix indicates an entry or entries residing in the LDAP
>>server running on the given hostname at the given portnumber.
> 
> Does this imply that it would be wrong to chain the request, if the server
> is able to do so?

No, I do not think so.  The phrase "residing in" is probably too 
restrictive.  Perhaps replace with "accessible from" so it reads:

   The "ldap" prefix indicates an entry or entries accessible from
   the LDAP server running on the given hostname at the given portnumber.

?

>>An extension prefixed with a '!'character (ASCII 33)
>>is critical.
> 
> Wouldn't it be better to maintain consistency and use hex (0x21) instead of
> decimal (33)?

OK; good suggestion.

>>If an LDAP URL extension is recognised by an implementation, the
>>implementation MUST make use of it.
> 
> What if you recognise it, but don't implement it?
> If it is not critical then I see no reason why the operation should not
> proceed.

Kurt can probably explain this better than I can... but the goal is to 
be consistent the philopsophy used for LDAP controls in the Protocol 
document.  I think "recognized" implies "ability to use" an extension; 
that is, if an implementation recognizes an extension it is able to use it.

-Mark

Prev by Date: RE: authmeth: missing protection
Next by Date: hijack attack (Was: authmeth-09 comments)
Index(es):
- Chronological
- Thread