http://stupid.domain.name/ietf/

One document matched: draft-armijo-ldap-treedelete-00.txt
INTERNET-DRAFT 				                  Michael P. Armijo
Status: Informational			              Microsoft Corporation
November 1998 
Expires May 1998 	 					 


                             Tree Delete Control
                    draft-armijo-ldap-treedelete-00.txt


1. Status of this Memo


This memo provides information for the Internet community. It does not 
specify an Internet standard of any kind. Distribution of this memo is 
unlimited.

This document is an Internet-Draft. Internet-Drafts are working 
documents of the Internet Engineering Task Force (IETF), its areas, and 
its working groups. Note that other groups may also distribute working 
documents as Internet-Drafts. 

Internet-Drafts are draft documents valid for a maximum of six months 
and may be updated, replaced, or obsoleted by other documents at any 
time. It is inappropriate to use Internet- Drafts as reference material 
or to cite them other than as "work in progress." 

To view the entire list of current Internet-Drafts, please check the 
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), 
ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), 
ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

2. Abstract

The purpose of this document is to inform the Internet community of an 
LDAP control available in the Windows NT Active Directory. This control 
will delete an entire subtree of a container entry.  This control is 
beneficial in extending the functionality of the LDAP protocol and may 
be useful in administration in an LDAP environment.  It is intended 
that other members of the internet community will be able to implement 
this control if desired.


3. RFC Key Words

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in RFC 2119.


4. Tree Delete Control

This control allows a client to delete an entire subtree.  This can 
only be done if the authenticated user has appropriate permissions to 
complete the operation.  This control MUST only be used with a 
DelRequest message.  A server MUST ignore the control if used with any 
other message unless the criticality field is set to True, in which 
case the entire operation MUST fail and MUST instead return the 
resultCode unsupportedCriticalExtension as per section 4.1.12 of 
[RFC 2251].  The server MUST list that it recognizes this control in 
the supportedControl attribute in the root DSE.

The control is included in the DelRequest message as part of the 
controls field of the LDAPMessage.  The controlType is 
" 1.2.840.113556.1.4.805", the criticality field may be TRUE or FALSE, 
and the controlValue field is absent.

      
4.1 Error Messages with this Control

When the Tree Delete Control is invoked, the server MUST check to see 
if the authenticated user has appropriate permissions to delete the 
object and all of its descendants.  If the user does not have 
appropriate permissions, an insufficientAccessRights(50) error SHOULD 
be returned.  

If the server has a problem identifying the objects to delete, the 
server MAY return an operationsError(1).  The operation MAY be retried 
if this error is returned. 

Server implementations may have other restraints on which containers 
may or may not use the Tree Delete control.  If you attempt to delete a 
container that cannot be deleted due to a platform specific restraint, 
the server SHOULD return the error unwillingToPerform(53).  The Tree 
Delete control will not work under these circumstances and the 
operation SHOULD NOT be retried on this container.

If the limit to the number of objects that can be deleted in one 
operation is reached, the server SHOULD return adminLimitExceeded(11).  
Objects processed up to the point of the limit SHOULD be deleted.  The 
DelRequest with the Tree Delete Control SHOULD be resubmitted until a 
successful response is returned to the server.


4.2 Processing of Objects

The Tree Delete control MUST follow certain rules in regard to the 
order that objects are processed for deletion.  The objects MUST be 
processed in a such a way that if the operation is halted the integrity 
of the directory tree is maintained and the delRequest can be 
resubmitted to complete the operation.  The control MUST delete leaf 
objects first. The server MUST NOT process the objects in a method that 
might allow an object to be orphaned.


5. References

[RFC 2251]
    M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol
    (v3)", RFC 2251, December 1997.  1997.

[RFC 2119] 
    Bradner, S., "Key words for use in RFCs to Indicate Requirement 
	Levels," 
    RFC 2119, Harvard University, March 1997.


6. Authors Address

 Michael P. Armijo
 One Microsoft Way
 Redmond, WA 
 98052
 USA

 (425)882-8080
 micharm@microsoft.com
PAFTECH AB 2003-2026
2026-04-24 05:54:03