Network Working Group J. Hodges
Request for Comments: 3377 Sun Microsystems Inc.
Category: Standards Track R. Morgan
University of Washington
September 2002
Network Working Group J. Hodges
Request for Comments: 3377 Sun Microsystems Inc.
Category: Standards Track R. Morgan
University of Washington
September 2002
Lightweight Directory Access Protocol (v3): Technical Specification
轻量级目录访问协议(v3):技术规范
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
Abstract
摘要
This document specifies the set of RFCs comprising the Lightweight Directory Access Protocol Version 3 (LDAPv3), and addresses the "IESG Note" attached to RFCs 2251 through 2256.
本文档指定了包含轻量级目录访问协议版本3(LDAPv3)的一组RFC,并说明了附加到RFC 2251到2256的“IESG注释”。
The specification for the Lightweight Directory Access Protocol version 3 (LDAPv3) nominally comprises eight RFCs which were issued in two distinct subsets at separate times -- RFCs 2251 through 2256 first, then RFCs 2829 and 2830 following later.
轻型目录访问协议版本3(LDAPv3)的规范名义上包括八个RFC,它们在不同的时间以两个不同的子集发布——首先是RFC 2251到2256,然后是RFC 2829和2830。
RFC 2251 through 2256 do not mandate the implementation of any satisfactory authentication mechanisms and hence were published with an "IESG Note" discouraging implementation and deployment of LDAPv3 clients or servers implementing update functionality until a Proposed Standard for mandatory authentication in LDAPv3 is published.
RFC 2251至2256不强制实施任何令人满意的认证机制,因此在发布LDAPv3中强制认证的拟议标准之前,发布了“IESG说明”,阻止实施和部署实现更新功能的LDAPv3客户端或服务器。
RFC 2829 was subsequently published in answer to the IESG Note.
RFC 2829随后作为对IESG注释的回应发布。
The purpose of this document is to explicitly specify the set of RFCs comprising LDAPv3, and formally address the IESG Note through explicit inclusion of RFC 2829.
本文件的目的是明确规定包含LDAPv3的一组RFC,并通过明确包含RFC 2829正式说明IESG注释。
The Lightweight Directory Access Protocol version 3 (LDAPv3) is specified by this set of nine RFCs:
轻量级目录访问协议版本3(LDAPv3)由以下九个RFC指定:
[RFC2251] Lightweight Directory Access Protocol (v3) [the specification of the LDAP on-the-wire protocol]
[RFC2251]轻量级目录访问协议(v3)[有线协议上LDAP的规范]
[RFC2252] Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
[RFC2252]轻型目录访问协议(v3):属性语法定义
[RFC2253] Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
[RFC2253]轻量级目录访问协议(v3):可分辨名称的UTF-8字符串表示
[RFC2254] The String Representation of LDAP Search Filters
[RFC2254]LDAP搜索筛选器的字符串表示形式
[RFC2255] The LDAP URL Format
[RFC2255]LDAP URL格式
[RFC2256] A Summary of the X.500(96) User Schema for use with LDAPv3
[RFC2256]用于LDAPv3的X.500(96)用户模式摘要
[RFC2829] Authentication Methods for LDAP
[RFC2829]LDAP的身份验证方法
[RFC2830] Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
[RFC2830]轻量级目录访问协议(v3):传输层安全性扩展
And, this document (RFC3377).
以及本文件(RFC3377)。
The term "LDAPv3" is often used informally to refer to the protocol specified by the above set of RFCs, or subsets thereof. However, the LDAPv3 protocol suite, as defined here, should be formally identified in other documents by a normative reference to this document.
术语“LDAPv3”通常非正式地用于指代上述一组RFC或其子集指定的协议。但是,此处定义的LDAPv3协议套件应通过对本文件的规范性引用在其他文件中正式标识。
The IESG approved publishing RFCs 2251 through 2256 with an attendant IESG Note included in each document. The Note begins with:
IESG批准发布RFC 2251至2256,并在每份文件中附上IESG注释。本说明以以下内容开头:
This document describes a directory access protocol that provides both read and update access. Update access requires secure authentication, but this document does not mandate implementation of any satisfactory authentication mechanisms.
本文档描述了一个目录访问协议,该协议提供读取和更新访问。更新访问需要安全身份验证,但本文档并不要求实现任何令人满意的身份验证机制。
The Note ends with this statement:
注释以以下语句结尾:
Implementors are hereby discouraged from deploying LDAPv3 clients or servers which implement the update functionality, until a Proposed Standard for mandatory authentication in LDAPv3 has been approved and published as an RFC.
在此不鼓励实施者部署实现更新功能的LDAPv3客户端或服务器,直到LDAPv3中的强制性身份验证建议标准获得批准并作为RFC发布。
[RFC2829] is expressly the "Proposed Standard for mandatory authentication in LDAPv3" called for in the Note. Thus, the IESG Note in [RFC2251], [RFC2252], [RFC2253], [RFC2254], [RFC2255], and [RFC2256] is addressed.
[RFC2829]是注释中明确要求的“LDAPv3中强制认证的拟议标准”。因此,解决了[RFC2251]、[RFC2252]、[RFC2253]、[RFC2254]、[RFC2255]和[RFC2256]中的IESG注释。
This document does not directly discuss security, although the context of the aforementioned IESG Note is security related, as is the manner in which it is addressed.
本文件不直接讨论安全性,尽管上述IESG说明的上下文与安全性相关,其处理方式也是如此。
Please refer to the referenced documents, especially [RFC2829], [RFC2251], and [RFC2830], for further information concerning LDAPv3 security.
有关LDAPv3安全性的更多信息,请参考参考文件,特别是[RFC2829]、[RFC2251]和[RFC2830]。
The authors thank Patrik Faltstrom, Leslie Daigle, Thomas Narten, and Kurt Zeilenga for their contributions to this document.
作者感谢Patrik Faltstrom、Leslie Daigle、Thomas Narten和Kurt Zeilenga对本文件的贡献。
[RFC2251] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.
[RFC2251]Wahl,M.,Kille,S.和T.Howes,“轻量级目录访问协议(v3)”,RFC 2251,1997年12月。
[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[RFC2252]Wahl,M.,Coulbeck,A.,Howes,T.和S.Kille,“轻量级目录访问协议(v3):属性语法定义”,RFC2252,1997年12月。
[RFC2253] Kille, S., Wahl, M. and T. Howes, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", RFC 2253, December 1997.
[RFC2253]Kille,S.,Wahl,M.和T.Howes,“轻量级目录访问协议(v3):可分辨名称的UTF-8字符串表示”,RFC 2253,1997年12月。
[RFC2254] Howes, T., "The String Representation of LDAP Search Filters", RFC 2254, December 1997.
[RFC2254]Howes,T.,“LDAP搜索过滤器的字符串表示”,RFC2254,1997年12月。
[RFC2255] Howes, T. and M. Smith, "The LDAP URL Format", RFC 2255, December 1997.
[RFC2255]Howes,T.和M.Smith,“LDAP URL格式”,RFC2255,1997年12月。
[RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use with LDAPv3", RFC 2256, December 1997.
[RFC2256]Wahl,M.,“用于LDAPv3的X.500(96)用户模式摘要”,RFC 2256,1997年12月。
[RFC2829] Wahl, M., Alvestrand, H., Hodges, J. and R. Morgan, "Authentication Methods for LDAP", RFC 2829, May 2000.
[RFC2829]Wahl,M.,Alvestrand,H.,Hodges,J.和R.Morgan,“LDAP的身份验证方法”,RFC 28292000年5月。
[RFC2830] Hodges, J., Morgan, R. and M. Wahl, "Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security", RFC 2830, May 2000.
[RFC2830]Hodges,J.,Morgan,R.和M.Wahl,“轻量级目录访问协议(v3):传输层安全扩展”,RFC 28302000年5月。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
Jeff Hodges Sun Microsystems, Inc. 901 San Antonio Road, USCA22-212 Palo Alto, CA 94303 USA
Jeff Hodges Sun Microsystems,Inc.美国加利福尼亚州帕洛阿尔托市圣安东尼奥路901号,邮编:94303
Phone: +1-408-276-5467
EMail: Jeff.Hodges@sun.com
Phone: +1-408-276-5467
EMail: Jeff.Hodges@sun.com
RL "Bob" Morgan Computing and Communications University of Washington Seattle, WA USA
美国华盛顿大学西雅图分校摩根计算与通信
Phone: +1-206-221-3307
EMail: rlmorgan@washington.edu
Phone: +1-206-221-3307
EMail: rlmorgan@washington.edu
Copyright (C) The Internet Society (2002). All Rights Reserved.
版权所有(C)互联网协会(2002年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。