Network Working Group K. Zeilenga
Request for Comments: 3674 OpenLDAP Foundation
Category: Standards Track December 2003
Network Working Group K. Zeilenga
Request for Comments: 3674 OpenLDAP Foundation
Category: Standards Track December 2003
Feature Discovery in Lightweight Directory Access Protocol (LDAP)
轻量级目录访问协议(LDAP)中的功能发现
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
Abstract
摘要
The Lightweight Directory Access Protocol (LDAP) is an extensible protocol with numerous elective features. This document introduces a general mechanism for discovery of elective features and extensions which cannot be discovered using existing mechanisms.
轻量级目录访问协议(LDAP)是一种具有许多可选功能的可扩展协议。本文档介绍了一种通用机制,用于发现使用现有机制无法发现的可选功能和扩展。
The Lightweight Directory Access Protocol (LDAP) [RFC3377] is an extensible protocol with numerous elective features. LDAP provides mechanisms for a client to discover supported protocol versions, controls, extended operations, Simple Authentication and Security Layer (SASL) mechanisms, and subschema information. However, these mechanisms are not designed to support general feature discovery.
轻量级目录访问协议(LDAP)[RFC3377]是一个具有许多可选功能的可扩展协议。LDAP为客户端提供了发现受支持的协议版本、控件、扩展操作、简单身份验证和安全层(SASL)机制以及子模式信息的机制。然而,这些机制并不是为了支持一般的特征发现而设计的。
This document describes a simple, general-purpose mechanism which clients may use to discover the set of elective features supported by a server. For example, this mechanism could be used by a client to discover whether or not the server supports requests for all operational attributes, e.g., "+" [RFC3673]. As another example, this mechanism could be used to discover absolute true, e.g., "(&)" and false, e.g., "(|)", search filters [T-F] support.
本文档描述了一种简单、通用的机制,客户端可以使用该机制来发现服务器支持的一组可选功能。例如,客户端可以使用此机制来发现服务器是否支持对所有操作属性的请求,例如“+”[RFC3673]。作为另一个例子,该机制可用于发现绝对真,例如“(&)”和假,例如“(|)”,搜索过滤器[T-F]支持。
This document extends the LDAP Protocol Mechanism registry [RFC3383] to support registration of values of the supportedFeatures attribute. This registry is managed by the Internet Assigned Numbers Authority (IANA).
本文档扩展了LDAP协议机制注册表[RFC3383],以支持注册supportedFeatures属性的值。此注册表由Internet分配号码管理局(IANA)管理。
Schema definitions are provided using LDAP description formats [RFC2252]. Definitions provided here are formatted (line wrapped) for readability.
模式定义使用LDAP描述格式[RFC2252]提供。为了便于阅读,这里提供的定义是格式化的(换行)。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14[RFC2119]中所述进行解释。
Each elective feature whose support may be discovered SHALL be identified by an Object Identifier (OID). A server advertises its support for a given feature by providing the OID associated with the feature as a value of the 'supportedFeatures' attribute held in the root DSE. A client may examine the values of this attribute to determine if a particular feature is supported by the server. A client MUST ignore values it doesn't recognize as they refer to elective features it doesn't implement.
每个可发现其支持的可选特征应通过对象标识符(OID)进行标识。服务器通过提供与功能相关联的OID作为根DSE中保存的“supportedFeatures”属性的值来宣传其对给定功能的支持。客户端可以检查此属性的值,以确定服务器是否支持特定功能。客户端必须忽略它无法识别的值,因为这些值引用了它无法实现的可选功能。
Features associated with Standard Track protocol mechanisms MUST be registered. Features associated with other protocol mechanisms SHOULD be registered. Procedures for registering protocol mechanisms are described in BCP 64 [RFC3383]. The word "Feature" should be placed in the usage field of the submitted LDAP Protocol Mechanism template.
必须注册与标准跟踪协议机制关联的功能。应注册与其他协议机制关联的功能。BCP 64[RFC3383]中描述了注册协议机制的过程。单词“Feature”应该放在提交的LDAP协议机制模板的usage字段中。
The 'supportedFeatures' attribute type is described as follows:
“supportedFeatures”属性类型描述如下:
( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
(1.3.6.1.4.1.4203.1.3.5名称“supportedFeatures”描述服务器“EQUALITY objectIdentifierMatch语法1.3.6.1.4.1.1466.115.121.1.38用法dSAOperation”支持的功能)
Servers MUST be capable of recognizing this attribute type by the name 'supportedFeatures'. Servers MAY recognize the attribute type by other names.
服务器必须能够通过名称“supportedFeatures”识别此属性类型。服务器可以通过其他名称识别属性类型。
As rogue clients can discover features of a server by other means (such as by trial and error), this feature discovery mechanism is not believed to introduce any new security risk to LDAP.
由于恶意客户端可以通过其他方式(如通过试错)发现服务器的功能,因此不认为此功能发现机制会给LDAP带来任何新的安全风险。
Future specifications detailing LDAP features are to register each feature as a LDAP Protocol Mechanism per guidance given in BCP 64 [RFC3383]. A usage of "Feature" in a Protocol Mechanism registration template indicates that the value to be registered is associated with an LDAP feature.
详细说明LDAP功能的未来规范将根据BCP 64[RFC3383]中给出的指南将每个功能注册为LDAP协议机制。在协议机制注册模板中使用“Feature”表示要注册的值与LDAP功能关联。
The IANA has registered the LDAP 'supportedFeatures' descriptor. The following registration template is suggested:
IANA已注册LDAP“supportedFeatures”描述符。建议使用以下注册模板:
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): supportedFeatures
Object Identifier: 1.3.6.1.4.1.4203.1.3.5
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Attribute Type
Specification: RFC 3674
Author/Change Controller: IESG
Subject: Request for LDAP Descriptor Registration
Descriptor (short name): supportedFeatures
Object Identifier: 1.3.6.1.4.1.4203.1.3.5
Person & email address to contact for further information:
Kurt Zeilenga <kurt@OpenLDAP.org>
Usage: Attribute Type
Specification: RFC 3674
Author/Change Controller: IESG
This OID was assigned [ASSIGN] by OpenLDAP Foundation under its IANA assigned private enterprise allocation [PRIVATE] for use in this specification.
这个OID由OpenLDAP基金会在其指定的IANA分配的私有企业分配[私有]下分配[分配]。
This document is based upon input from the IETF LDAPEXT working group.
本文件基于IETF LDAPEXT工作组的输入。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[RFC2252]Wahl,M.,Coulbeck,A.,Howes,T.和S.Kille,“轻量级目录访问协议(v3):属性语法定义”,RFC2252,1997年12月。
[RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access Protocol (v3): Technical Specification", RFC 3377, September 2002.
[RFC3377]Hodges,J.和R.Morgan,“轻量级目录访问协议(v3):技术规范”,RFC 3377,2002年9月。
[RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 3383, September 2002.
[RFC3383]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 3383,2002年9月。
[RFC3673] Zeilenga, K., "Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes", RFC 3673, December 2003.
[RFC3673]Zeilenga,K.,“轻型目录访问协议版本3(LDAPv3):所有操作属性”,RFC 36732003年12月。
[T-F] Zeilenga, K., "LDAP True/False Filters", Work in Progress.
[T-F]Zeilenga,K.,“LDAP真/假过滤器”,正在进行中。
[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations", http://www.openldap.org/foundation/oid-delegate.txt.
[分配] OpenLDAP基金会,“OpenLDAP类委托”,http://www.openldap.org/foundation/oid-delegate.txt.
[PRIVATE] IANA, "Private Enterprise Numbers", http://www.iana.org/assignments/enterprise-numbers.
[私人]IANA,“私人企业编号”,http://www.iana.org/assignments/enterprise-numbers.
Kurt D. Zeilenga OpenLDAP Foundation
库尔特D.Zeeliga OpenLDAP基金会
EMail: Kurt@OpenLDAP.org
EMail: Kurt@OpenLDAP.org
Copyright (C) The Internet Society (2003). All Rights Reserved.
版权所有(C)互联网协会(2003年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。