[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5785) dontUseCopy in slapd requires criticality to be TRUE

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5785) dontUseCopy in slapd requires criticality to be TRUE
From: michael@stroeder.com
Date: Sat, 1 Nov 2008 18:27:56 GMT

ando@sys-net.it wrote:
> 
> The "dontUseCopy" control requires criticality to be TRUE.  While this is the
> desirable value,

Why is this a desirable value? The answer Kurt gave on ldap-ext mailing
list just mentioned direct mapping to X.511 dontUseCopy option.

> a DUA could use the control with the criticality set to FALSE.

As I stated on ldap-ext mailing list in this case I'd simply accept a
best effort on the DSA side. So sending "dontUseCopy" control with
criticality FALSE would mean: If the DSA supports this control it should
*process* it according to what's specified in
draft-zeilenga-ldap-dontusecopy. Otherwise ignore it.

The main problem is that a DUA cannot determine in advance whether a DSA
supports a certain control for a certain backend. It turned out in
practice that looking a supportedControl in rootDSE does not have any
meaning at all.

IMO yet another control does not solve this.

> For full conformance with RFC4511, if the control is syntactically well-formed
> and criticality is set to FALSE, slapd MUST accept it if recognized, or MUST
> ignore it if not recognized, but CANNOT question the fact that the value of
> criticality is violating the control's specification.

I'm not sure whether this statement can be made generally. I'd wish so
and I'd rephrase "accept it" to "process it".

Ciao, Michael.

Prev by Date: (ITS#5785) dontUseCopy in slapd requires criticality to be TRUE
Next by Date: Re: (ITS#5709) slapd sync provider skips some objects
Index(es):
- Chronological
- Thread