One document matched: draft-armijo-ldap-control-error-00.txt

INTERNET-DRAFT                                         Michael P. Armijo
<draft-armijo-ldap-control-error-00.txt>           Microsoft Corporation       
July, 2000                                                  
Expires: January, 2001                           
						
						
               Result Message for LDAP Controls

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Distribution of this memo is unlimited.  It is filed as <draft-
   armijo-ldap-control-error-00.txt>, and expires on January 14, 2001.  
   Please send comments to the authors.


1. Abstract

   LDAPv3 [1] allows for the extension of the protocol through the use 
   of controls.  These controls allow existing operations to be 
   enhanced to provide additional functionality for directory 
   operations.  Complex controls are being established that are 
   bringing up error conditions not anticipated in the LDAPv3 
   specifications.  The purpose of this draft is to create new result 
   codes specific to LDAP controls and to define guidelines for the 
   use of these result codes.


2. The LDAP Control Response Code

   The LDAPResult construct as defined in RFC 2251 [1] would be 
   amended to include the following additional result codes:

   LDAPResult ::= SEQUENCE {
                   resultCode      ENUMERATED {

                                 controlError           (xx),
                                 criticalControlError   (xx)},
                   
                   matchedDN       LDAPDN,
                   errorMessage    LDAPString,
                   referral        [3] Referral OPTIONAL }
   
   The controlError signifies that portions of the operation 
   MAY have not completed in it's entirety due to an error in an
   associated control.

   The criticalControlError signifies that the operation has failed
   due to an error in an associated critical control.

3. Use of the LDAP Control Response Code
 
   The controlError result code should be returned when an operation 
   has succeeded but an attached control may have failed.  Controls MAY 
   define a control specific response code that is embedded in the 
   control value.  

   The criticalControlError indicates that an attached critical control 
   has caused the entire operation to fail.  

   The controlError or criticalControlError response code can be defined 
   in control specifications to signify that the client should parse the 
   embedded response code for details on the control failure.  The exact 
   behavior of the client with particular controls MUST be defined in 
   any control specification.
   

4. Security Considerations

   This document defines an extension to RFC 2251 [1] and has the same 
   security issues.  See the security considerations section in [1] for 
   more details.


5. References

   [1]  Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access
        Protocol(v3)", RFC 2251, December 1997.


6. Authors Address

   Michael P. Armijo
   One Microsoft Way
   Redmond, WA 98052
   micharm@microsoft.com

   Expires January, 2001