Difference between revisions of "RFC4525"
| Line 6: | Line 6: | ||
Modify-Increment Extension | Modify-Increment Extension | ||
| − | Status of This Memo | + | '''Status of This Memo''' |
This memo provides information for the Internet community. It does | This memo provides information for the Internet community. It does | ||
| Line 12: | Line 12: | ||
memo is unlimited. | memo is unlimited. | ||
| − | Copyright Notice | + | '''Copyright Notice''' |
Copyright (C) The Internet Society (2006). | Copyright (C) The Internet Society (2006). | ||
| − | Abstract | + | '''Abstract''' |
This document describes an extension to the Lightweight Directory | This document describes an extension to the Lightweight Directory | ||
| Line 23: | Line 23: | ||
especially when combined with the assertion control and/or the pre- | especially when combined with the assertion control and/or the pre- | ||
read or post-read control extension. | read or post-read control extension. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Background and Intended Use == | == Background and Intended Use == | ||
| − | The Lightweight Directory Access Protocol (LDAP) [RFC4510] does not | + | The Lightweight Directory Access Protocol (LDAP) [[RFC4510]] does not |
currently provide an operation to increment values of an attribute. | currently provide an operation to increment values of an attribute. | ||
A client must read the values of the attribute and then modify those | A client must read the values of the attribute and then modify those | ||
| Line 50: | Line 36: | ||
modify request. | modify request. | ||
| − | This document extends the LDAP Modify Operation [RFC4511] to support | + | This document extends the LDAP Modify Operation [[RFC4511]] to support |
an increment values capability. This feature is intended to be used | an increment values capability. This feature is intended to be used | ||
with either the LDAP pre-read or post-read control extensions | with either the LDAP pre-read or post-read control extensions | ||
| − | [RFC4527]. This feature may also be used with the LDAP assertion | + | [[RFC4527]]. This feature may also be used with the LDAP assertion |
| − | control extension [RFC4528] to provide test-and-increment | + | control extension [[RFC4528]] to provide test-and-increment |
functionality. | functionality. | ||
In this document key words "MUST", "MUST NOT", "REQUIRED", "SHALL", | In this document key words "MUST", "MUST NOT", "REQUIRED", "SHALL", | ||
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and | "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and | ||
| − | "OPTIONAL" are to be interpreted as described in BCP 14 [RFC2119]. | + | "OPTIONAL" are to be interpreted as described in [[BCP14|BCP 14]] [[RFC2119]]. |
== The Modify-Increment Extension == | == The Modify-Increment Extension == | ||
| Line 81: | Line 67: | ||
Servers supporting this feature SHOULD publish the object identifier | Servers supporting this feature SHOULD publish the object identifier | ||
| − | (OID) 1.3.6.1.1.14 as a value of the 'supportedFeatures' [RFC4512] | + | (OID) 1.3.6.1.1.14 as a value of the 'supportedFeatures' [[RFC4512]] |
attribute in the root DSE. Clients supporting this feature SHOULD | attribute in the root DSE. Clients supporting this feature SHOULD | ||
NOT use the feature unless they know the server supports it. | NOT use the feature unless they know the server supports it. | ||
| Line 88: | Line 74: | ||
To represent Modify-Increment requests in LDAP Data Interchange | To represent Modify-Increment requests in LDAP Data Interchange | ||
| − | Format [RFC2849], the ABNF [RFC4234] production <mod-spec> is | + | Format [[RFC2849]], the ABNF [[RFC4234]] production <mod-spec> is |
extended as follows: | extended as follows: | ||
| Line 108: | Line 94: | ||
== Security Considerations == | == Security Considerations == | ||
| − | General LDAP security considerations [RFC4510], as well as those | + | General LDAP security considerations [[RFC4510]], as well as those |
| − | specific to the LDAP Modify [RFC4511], apply to this Modify-Increment | + | specific to the LDAP Modify [[RFC4511]], apply to this Modify-Increment |
extension. Beyond these considerations, it is noted that | extension. Beyond these considerations, it is noted that | ||
introduction of this extension should reduce application complexity | introduction of this extension should reduce application complexity | ||
| Line 118: | Line 104: | ||
== IANA Considerations == | == IANA Considerations == | ||
| − | Registration of the following values [RFC4520] have been completed. | + | Registration of the following values [[RFC4520]] have been completed. |
=== Object Identifier === | === Object Identifier === | ||
| Line 128: | Line 114: | ||
Person & email address to contact for further information: | Person & email address to contact for further information: | ||
Kurt Zeilenga <[email protected]> | Kurt Zeilenga <[email protected]> | ||
| − | Specification: RFC 4525 | + | Specification: [[RFC4525|RFC 4525]] |
Author/Change Controller: Author | Author/Change Controller: Author | ||
Comments: | Comments: | ||
| Line 144: | Line 130: | ||
Usage: Feature | Usage: Feature | ||
| − | Specification: RFC 4525 | + | Specification: [[RFC4525|RFC 4525]] |
Author/Change Controller: Kurt Zeilenga <[email protected]> | Author/Change Controller: Kurt Zeilenga <[email protected]> | ||
Comments: none | Comments: none | ||
| Line 151: | Line 137: | ||
The IANA has assigned an LDAP ModifyRequest Operation Type (3) | The IANA has assigned an LDAP ModifyRequest Operation Type (3) | ||
| − | [RFC4520] for use in this document. | + | [[RFC4520]] for use in this document. |
Subject: Request for LDAP Protocol Mechanism Registration | Subject: Request for LDAP Protocol Mechanism Registration | ||
| Line 159: | Line 145: | ||
Kurt Zeilenga <[email protected]> | Kurt Zeilenga <[email protected]> | ||
Usage: Feature | Usage: Feature | ||
| − | Specification: RFC 4525 | + | Specification: [[RFC4525|RFC 4525]] |
Author/Change Controller: Kurt Zeilenga <[email protected]> | Author/Change Controller: Kurt Zeilenga <[email protected]> | ||
Comments: none | Comments: none | ||
| Line 167: | Line 153: | ||
=== Normative References === | === Normative References === | ||
| − | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | + | [[RFC2119]] Bradner, S., "Key words for use in RFCs to Indicate |
| − | Requirement Levels", BCP 14, RFC 2119, March 1997. | + | Requirement Levels", [[BCP14|BCP 14]], [[RFC2119|RFC 2119]], March 1997. |
| − | [RFC4234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | + | [[RFC4234]] Crocker, D. and P. Overell, "Augmented BNF for Syntax |
| − | Specifications: ABNF", RFC 4234, October 2005. | + | Specifications: ABNF", [[RFC4234|RFC 4234]], October 2005. |
| − | [RFC2849] Good, G., "The LDAP Data Interchange Format (LDIF) - | + | [[RFC2849]] Good, G., "The LDAP Data Interchange Format (LDIF) - |
| − | Technical Specification", RFC 2849, June 2000. | + | Technical Specification", [[RFC2849|RFC 2849]], June 2000. |
| − | [RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access | + | [[RFC4510]] Zeilenga, K., Ed., "Lightweight Directory Access |
Protocol (LDAP): Technical Specification Road Map", RFC | Protocol (LDAP): Technical Specification Road Map", RFC | ||
4510, June 2006. | 4510, June 2006. | ||
| − | [RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access | + | [[RFC4511]] Sermersheim, J., Ed., "Lightweight Directory Access |
| − | Protocol (LDAP): The Protocol", RFC 4511, June 2006. | + | Protocol (LDAP): The Protocol", [[RFC4511|RFC 4511]], June 2006. |
| − | [RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol | + | [[RFC4512]] Zeilenga, K., "Lightweight Directory Access Protocol |
| − | (LDAP): Directory Information Models", RFC 4512, June | + | (LDAP): Directory Information Models", [[RFC4512|RFC 4512]], June |
2006. | 2006. | ||
=== Informative References === | === Informative References === | ||
| − | [RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority | + | [[RFC4520]] Zeilenga, K., "Internet Assigned Numbers Authority |
(IANA) Considerations for the Lightweight Directory | (IANA) Considerations for the Lightweight Directory | ||
| − | Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006. | + | Access Protocol (LDAP)", [[BCP64|BCP 64]], [[RFC4520|RFC 4520]], June 2006. |
| − | [RFC4527] Zeilenga, K., "Lightweight Directory Access Protocol | + | [[RFC4527]] Zeilenga, K., "Lightweight Directory Access Protocol |
| − | (LDAP) Read Entry Controls", RFC 4527, June 2006. | + | (LDAP) Read Entry Controls", [[RFC4527|RFC 4527]], June 2006. |
| − | [RFC4528] Zeilenga, K., "Lightweight Directory Access Protocol | + | [[RFC4528]] Zeilenga, K., "Lightweight Directory Access Protocol |
| − | (LDAP) Assertion Control", RFC 4528, June 2006. | + | (LDAP) Assertion Control", [[RFC4528|RFC 4528]], June 2006. |
Author's Address | Author's Address | ||
| Line 211: | Line 197: | ||
This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | ||
| − | contained in BCP 78, and except as set forth therein, the authors | + | contained in [[BCP78|BCP 78]], and except as set forth therein, the authors |
retain all their rights. | retain all their rights. | ||
| Line 231: | Line 217: | ||
made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | ||
on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | ||
| − | found in BCP 78 and BCP 79. | + | found in [[BCP78|BCP 78]] and [[BCP79|BCP 79]]. |
Copies of IPR disclosures made to the IETF Secretariat and any | Copies of IPR disclosures made to the IETF Secretariat and any | ||
| Line 250: | Line 236: | ||
Funding for the RFC Editor function is provided by the IETF | Funding for the RFC Editor function is provided by the IETF | ||
Administrative Support Activity (IASA). | Administrative Support Activity (IASA). | ||
| + | |||
| + | [[Category:Informational]] | ||
Latest revision as of 11:41, 5 October 2020
Network Working Group K. Zeilenga Request for Comments: 4525 OpenLDAP Foundation Category: Informational June 2006
Lightweight Directory Access Protocol (LDAP)
Modify-Increment Extension
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes an extension to the Lightweight Directory Access Protocol (LDAP) Modify operation to support an increment capability. This extension is useful in provisioning applications, especially when combined with the assertion control and/or the pre- read or post-read control extension.
Contents
Background and Intended Use
The Lightweight Directory Access Protocol (LDAP) RFC4510 does not currently provide an operation to increment values of an attribute. A client must read the values of the attribute and then modify those values to increment them by the desired amount. As the values may be updated by other clients between this add and modify, the client must
be careful to construct the modify request so that it fails in this case, and upon failure, to re-read the values and construct a new modify request.
This document extends the LDAP Modify Operation RFC4511 to support an increment values capability. This feature is intended to be used with either the LDAP pre-read or post-read control extensions RFC4527. This feature may also be used with the LDAP assertion control extension RFC4528 to provide test-and-increment functionality.
In this document key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14 RFC2119.
The Modify-Increment Extension
This document extends the LDAP Modify request to support a increment values capability. Implementations of this extension SHALL support an additional ModifyRequest operation enumeration value increment (3), as described herein. Implementations not supporting this extension will treat this value as they would an unlisted value, e.g., as a protocol error.
The increment (3) operation value specifies that an increment values modification is requested. All existing values of the modification attribute are to be incremented by the listed value. The modification attribute must be appropriate for the request (e.g., it must have INTEGER or other increment-able values), and the modification must provide one and only one value. If the attribute is not appropriate for the request, a constraintViolation or other appropriate error is to be returned. If multiple values are provided, a protocolError is to be returned.
Servers supporting this feature SHOULD publish the object identifier (OID) 1.3.6.1.1.14 as a value of the 'supportedFeatures' RFC4512 attribute in the root DSE. Clients supporting this feature SHOULD NOT use the feature unless they know the server supports it.
LDIF Support
To represent Modify-Increment requests in LDAP Data Interchange Format RFC2849, the ABNF RFC4234 production <mod-spec> is extended as follows:
mod-spec =/ "increment:" FILL AttributeDescription SEP
attrval-spec "-" SEP
For example,
# Increment uidNumber dn: cn=max-assigned uidNumber,dc=example,dc=com changetype: modify increment: uidNumber uidNumber: 1 -
This LDIF fragment represents a Modify request to increment the value(s) of uidNumber by 1.
Security Considerations
General LDAP security considerations RFC4510, as well as those specific to the LDAP Modify RFC4511, apply to this Modify-Increment extension. Beyond these considerations, it is noted that introduction of this extension should reduce application complexity (by providing one operation for what presently requires multiple operations) and, hence, it may aid in the production of correct and secure implementations.
IANA Considerations
Registration of the following values RFC4520 have been completed.
Object Identifier
The IANA has assigned an LDAP Object Identifier to identify the LDAP Modify-Increment feature, as defined in this document.
Subject: Request for LDAP Object Identifier Registration
Person & email address to contact for further information:
Kurt Zeilenga <[email protected]>
Specification: RFC 4525
Author/Change Controller: Author
Comments:
Identifies the LDAP Modify-Increment feature
LDAP Protocol Mechanism
The following LDAP Protocol Mechanism has been registered.
Subject: Request for LDAP Protocol Mechanism Registration
Object Identifier: 1.3.6.1.1.14
Description: Modify-Increment
Person & email address to contact for further information:
Kurt Zeilenga <[email protected]>
Usage: Feature Specification: RFC 4525 Author/Change Controller: Kurt Zeilenga <[email protected]> Comments: none
LDAP Protocol Mechanism
The IANA has assigned an LDAP ModifyRequest Operation Type (3) RFC4520 for use in this document.
Subject: Request for LDAP Protocol Mechanism Registration
ModifyRequest Operation Name: increment
Description: Modify-Increment
Person & email address to contact for further information:
Kurt Zeilenga <[email protected]>
Usage: Feature
Specification: RFC 4525
Author/Change Controller: Kurt Zeilenga <[email protected]>
Comments: none
References
Normative References
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC4234 Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 4234, October 2005.
RFC2849 Good, G., "The LDAP Data Interchange Format (LDIF) -
Technical Specification", RFC 2849, June 2000.
RFC4510 Zeilenga, K., Ed., "Lightweight Directory Access
Protocol (LDAP): Technical Specification Road Map", RFC
4510, June 2006.
RFC4511 Sermersheim, J., Ed., "Lightweight Directory Access
Protocol (LDAP): The Protocol", RFC 4511, June 2006.
RFC4512 Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): Directory Information Models", RFC 4512, June 2006.
Informative References
RFC4520 Zeilenga, K., "Internet Assigned Numbers Authority
(IANA) Considerations for the Lightweight Directory
Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
RFC4527 Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP) Read Entry Controls", RFC 4527, June 2006.
RFC4528 Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP) Assertion Control", RFC 4528, June 2006.
Author's Address
Kurt D. Zeilenga OpenLDAP Foundation
EMail: [email protected]
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at [email protected].
Acknowledgement
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
