Network Working Group                                     J. Sermersheim
Internet-Draft                                               Novell, Inc
Updates: 2251 (if approved)                                    July 2004
Expires: December 30, 2004


               Subordinate Subtree Search Scope for LDAP
            draft-sermersheim-ldap-subordinate-scope-00.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
   author represents that any applicable patent or other IPR claims of
   which he or she is aware have been or will be disclosed, and any of
   which he or she become aware will be disclosed, in accordance with
   RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 30, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   The Lightweight Directory Access Protocol (LDAP) specification
   supports three scope values for the search operation -- namely:
   baseObject, singleLevel, and wholeSubtree.  This document introduces
   a subordinateSubtree scope which constrains the search scope to all
   subordinates of the named base object.

Discussion Forum

   Technical discussion of this document will take place on the IETF
   LDAP Extensions mailing list <ldapext@ietf.org>.  Please send
   editorial comments directly to the author.

1. Overview

   There are a number of reasons which have surfaced for introducing a
   Lightweight Directory Access Protocol (LDAP) [RFC3377]
   SearchRequest.scope [RFC2251] which constrains the search scope to
   all subordinates of the named base object, and does not include the
   base object (as wholeSubtree does).  These reasons range from the
   obvious utility of allowing an LDAP client application the ability to
   exclude the base object from a wholeSubtree search scope, to
   distributed operation applications which require this scope for
   progressing search sub-operations resulting from an nssr DSE type
   reference.

   To meet these needs, the subordinateSubtree scope value is
   introduced.

   The subordinateSubtree scope is applied to the SearchRequest.scope
   field, the <scope> type and alternately the <extension> type of the
   LDAP URL [RFC2255] and may be applied to other specifications which
   include an LDAP search scope.  A mechanism is also given which allows
   LDAP Directory Server Agents (DSAs) to advertise support of this
   search scope.

2. Application to SearchRequest.scope

   A new item is added to this ENUMERATED type.  The identifier is
   subordinateSubtree and the number is 4.

   A DSA which receives and supports the subordinateSubtree
   SearchRequest.scope constrains the search scope to all subordinate
   objects.

   A DSA which receives but does not support the subordinateSubtree
   SearchRequest.scope returns a protocolError resultCode in the
   SearchResultDone.

3. LDAP URL applications

   The LDAP URL [RFC2255] specification allows the conveyance of a
   search scope.  This section introduces two ways in which the
   subordinateScope search scope may be conveyed in an LDAP URL.  One
   way is by allowing a new "subord" scope in the <scope> part.  Another
   way is through the introduction of an LDAP URL extension.  The LDAP
   URL extension method is preferred for its criticality semantics.

3.1 Application to LDAP URL <scope>

   A new <scope> value of "subord" is added.  Using the <scope> type
   from LDAP URL [RFC2255], the ABNF is as follows:

      scope /= "subord"

   Implementations which process an LDAP URL but do not understand or
   support its "subord" <scope> raise an appropriate error.

3.2 Application to LDAP URL <extension>

   An LDAP URL <extension> mechanism is introduced here.  The <extype>
   is IANA-ASSIGNED-OID.1 or the descriptor 'subordScope', and the
   exvalue is omitted.  The extension may be marked as either critical
   or non-critical.

   If supported, the subordScope extension overrides any value set in
   the <scope> field.

4. DSA Advertisement of support

   A DSA may advertise its support of the subordinateSubtree item in the
   SearchRequest.scope by inclusion of IANA-ASSIGNED-OID.2 in the
   'supportedFeatures' attribute of the root DSE.

5. Security Considerations

   This specification introduces no security concerns above any
   associated with the existing wholeSubtree search scope value.

   As with the wholeSubtree search scope, this scope specifies that a
   search be applied to an entire subtree hierarchy.  Implementations
   should be aware of the relative cost of using or allowing this scope.

6. Normative References

   [RFC2251]  Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
              Access Protocol (v3)", RFC 2251, December 1997.

   [RFC2255]  Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255,
              December 1997.

   [RFC3377]  Hodges, J. and R. Morgan, "Lightweight Directory Access
              Protocol (v3): Technical Specification", RFC 3377,
              September 2002.

   [RFC3383]  Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
              Considerations for the Lightweight Directory Access
              Protocol (LDAP)", BCP 64, RFC 3383, September 2002.

Author's Address

   Jim Sermersheim
   Novell, Inc
   1800 South Novell Place
   Provo, Utah 84606
   USA

   Phone: +1 801 861-3088
   EMail: jimse@novell.com

Appendix A. IANA Considerations

   Registration of the following values is requested [RFC3383].

A.1 LDAP Object Identifier Registrations

   It is requested that IANA register upon Standards Action an LDAP
   Object Identifier in identifying the protocol elements defined in
   this technical specification.  The following registration template is
   provided:

      Subject: Request for LDAP OID Registration
      Person & email address to contact for further information:
          Jim Sermersheim
          jimse@novell.com
      Specification: RFCXXXX
      Author/Change Controller: IESG
      Comments:
          2 delegations will be made under the assigned OID:
          IANA-ASSIGNED-OID.1 subordScope LDAP URL extension
          IANA-ASSIGNED-OID.2 subordinateScope Supported Feature

A.2 LDAP Protocol Mechanism Registrations

   It is requested that IANA register upon Standards Action the LDAP
   protocol mechanism described in this document.  The following
   registration templates are given:

      Subject: Request for LDAP Protocol Mechanism Registration
      Object Identifier: IANA-ASSIGNED-OID.1
      Description: subordScope LDAP URL extension
      Person & email address to contact for further information:
          Jim Sermersheim
          jimse@novell.com
      Usage: Extension
      Specification: RFCXXXX
      Author/Change Controller: IESG
      Comments: none

A.3 LDAP Descriptor Registrations

   It is requested that IANA register upon Standards Action the LDAP
   descriptors described in this document.  The following registration
   templates are given:

      Subject: Request for LDAP Descriptor Registration
      Descriptor (short name): subordScope
      Object Identifier: IANA-ASSIGNED-OID.1
      Person & email address to contact for further information:
          Jim Sermersheim
          jimse@novell.com
      Usage: URL Extension
      Specification: RFCXXXX
      Author/Change Controller: IESG
      Comments: none

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
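Added example, not part of the draft: a Python sketch of how a URL consumer could apply sections 3.1 and 3.2, showing why the extension form degrades more gracefully than the "subord" <scope> when the scope is unsupported. The names resolve_scope, UnsupportedLDAPURL and supports_subord are hypothetical, ds.example.com is a constructed host, the treatment of critical extensions follows RFC 2255, and rejecting an exvalue is an assumption.

```python
from urllib.parse import unquote

# SearchRequest.scope numbers: 0-2 from RFC 2251, 4 from section 2 of the draft.
SCOPES = {"base": 0, "one": 1, "sub": 2, "subord": 4}
SUBORD_EXT = "subordscope"  # descriptor only; the OID is still IANA-ASSIGNED-OID.1


class UnsupportedLDAPURL(ValueError):
    """The URL asks for something this implementation cannot honour."""


def resolve_scope(url, supports_subord=True):
    """Return the SearchRequest.scope number that an LDAP URL asks for."""
    scheme, sep, rest = url.partition("://")
    if scheme.lower() != "ldap" or not sep:
        raise ValueError("not an LDAP URL")
    # RFC 2255 layout: hostport/dn?attributes?scope?filter?extensions
    _hostdn, *fields = rest.split("?")
    fields += [""] * 4                      # absent trailing fields are empty
    scope_txt = unquote(fields[1]).lower() or "base"   # RFC 2255 default
    if scope_txt not in SCOPES:
        raise UnsupportedLDAPURL(f"unknown scope {scope_txt!r}")
    if scope_txt == "subord" and not supports_subord:
        # Section 3.1: no fallback exists, so the URL must be rejected.
        raise UnsupportedLDAPURL("'subord' scope not supported")
    scope = SCOPES[scope_txt]
    for ext in filter(None, fields[3].split(",")):
        critical = ext.startswith("!")
        extype, _, exvalue = unquote(ext.lstrip("!")).partition("=")
        if extype.lower() == SUBORD_EXT and supports_subord:
            if exvalue:  # assumption: a value where none is defined is an error
                raise ValueError("subordScope takes no exvalue")
            scope = SCOPES["subord"]        # section 3.2: overrides <scope>
        elif critical:
            # RFC 2255: an unsupported critical extension stops processing.
            raise UnsupportedLDAPURL(f"critical extension {extype!r} unsupported")
        # An unsupported non-critical extension is ignored; <scope> stands.
    return scope
```

A consumer that lacks the scope silently widens a non-critical subordScope URL to whatever <scope> says, so URL authors who must not have the base object returned should mark the extension critical.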