Network Working Group K. Zeilenga Request for Comments: 4526 OpenLDAP Foundation Category: Standards Track June 2006
Network Working Group K. Zeilenga Request for Comments: 4526 OpenLDAP Foundation Category: Standards Track June 2006
Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
轻量级目录访问协议(LDAP)绝对正确和错误筛选器
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This document extends the Lightweight Directory Access Protocol (LDAP) to support absolute True and False filters based upon similar capabilities found in X.500 directory systems. The document also extends the String Representation of LDAP Search Filters to support these filters.
本文档扩展了轻量级目录访问协议(LDAP),以支持基于X.500目录系统中类似功能的绝对正确和错误过滤器。该文档还扩展了LDAP搜索筛选器的字符串表示形式,以支持这些筛选器。
Table of Contents
目录
1. Background ......................................................1 2. Absolute True and False Filters .................................2 3. Security Considerations .........................................2 4. IANA Considerations .............................................3 5. References ......................................................3 5.1. Normative References .......................................3 5.2. Informative References .....................................3
1. Background ......................................................1 2. Absolute True and False Filters .................................2 3. Security Considerations .........................................2 4. IANA Considerations .............................................3 5. References ......................................................3 5.1. Normative References .......................................3 5.2. Informative References .....................................3
The X.500 Directory Access Protocol (DAP) [X.511] supports absolute True and False assertions. An 'and' filter with zero elements always evaluates to True. An 'or' filter with zero elements always evaluates to False. These filters are commonly used when requesting DSA-specific Entries (DSEs) that do not necessarily have 'objectClass' attributes; that is, where "(objectClass=*)" may evaluate to False.
X.500目录访问协议(DAP)[X.511]支持绝对正确和错误断言。具有零元素的“and”筛选器的计算结果始终为True。元素为零的“或”筛选器的计算结果始终为False。这些过滤器通常用于请求不一定具有“objectClass”属性的DSA特定条目(DSE);也就是说,其中“(objectClass=*)”的计算结果可能为False。
Although LDAPv2 [RFC1777][RFC3494] placed no restriction on the number of elements in 'and' and 'or' filter sets, the LDAPv2 string representation [RFC1960][RFC3494] could not represent empty 'and' and 'or' filter sets. Due to this, absolute True or False filters were (unfortunately) eliminated from LDAPv3 [RFC4510].
尽管LDAPv2[RFC1777][RFC3494]对“and”和“and”或“or”过滤器集中的元素数量没有限制,但LDAPv2字符串表示法[RFC1960][RFC3494]不能表示空的“and”和“and”或“or”过滤器集。因此,LDAPv3[RFC4510]中(不幸地)消除了绝对真或假过滤器。
This documents extends LDAPv3 to support absolute True and False assertions by allowing empty 'and' and 'or' in Search filters [RFC4511] and extends the filter string representation [RFC4515] to allow empty filter lists.
本文档通过允许搜索筛选器[RFC4511]中的空“and”和“and”或“or”,扩展了LDAPv3以支持绝对正确和错误断言,并扩展了筛选器字符串表示[RFC4515]以允许空筛选器列表。
It is noted that certain search operations, such as those used to retrieve subschema information [RFC4512], require use of particular filters. This document does not change these requirements.
需要注意的是,某些搜索操作,例如用于检索子模式信息[RFC4512]的搜索操作,需要使用特定的过滤器。本文件不改变这些要求。
This feature is intended to allow a more direct mapping between DAP and LDAP (as needed to implement DAP-to-LDAP gateways).
此功能旨在允许DAP和LDAP之间更直接的映射(根据需要实现DAP到LDAP网关)。
In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14 [RFC2119].
在本文件中,关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14[RFC2119]中的说明进行解释。
Implementations of this extension SHALL allow 'and' and 'or' choices with zero filter elements.
此扩展的实现应允许零滤芯的“和”和“或”选择。
An 'and' filter consisting of an empty set of filters SHALL evaluate to True. This filter is represented by the string "(&)".
由一组空过滤器组成的“和”过滤器应评估为真。此筛选器由字符串“(&)”表示。
An 'or' filter consisting of an empty set of filters SHALL evaluate to False. This filter is represented by the string "(|)".
由一组空过滤器组成的“或”过滤器应评估为假。此筛选器由字符串“(|”)”表示。
Servers supporting this feature SHOULD publish the Object Identifier 1.3.6.1.4.1.4203.1.5.3 as a value of the 'supportedFeatures' [RFC4512] attribute in the root DSE.
支持此功能的服务器应将对象标识符1.3.6.1.4.1.4203.1.5.3发布为根DSE中“supportedFeatures”[RFC4512]属性的值。
Clients supporting this feature SHOULD NOT use the feature unless they know that the server supports it.
支持此功能的客户端不应使用此功能,除非他们知道服务器支持此功能。
The (re)introduction of absolute True and False filters is not believed to raise any new security considerations.
绝对真假过滤器的(重新)引入被认为不会引起任何新的安全考虑。
Implementors of this (or any) LDAPv3 extension should be familiar with general LDAPv3 security considerations [RFC4510].
此(或任何)LDAPv3扩展的实现者应该熟悉LDAPv3的一般安全注意事项[RFC4510]。
Registration of this feature has been completed by the IANA [RFC4520].
IANA[RFC4520]已完成此功能的注册。
Subject: Request for LDAP Protocol Mechanism Registration Object Identifier: 1.3.6.1.4.1.4203.1.5.3 Description: True/False filters Person & email address to contact for further information: Kurt Zeilenga <kurt@openldap.org> Usage: Feature Specification: RFC 4526 Author/Change Controller: IESG Comments: none
Subject: Request for LDAP Protocol Mechanism Registration Object Identifier: 1.3.6.1.4.1.4203.1.5.3 Description: True/False filters Person & email address to contact for further information: Kurt Zeilenga <kurt@openldap.org> Usage: Feature Specification: RFC 4526 Author/Change Controller: IESG Comments: none
This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its IANA-assigned private enterprise allocation [PRIVATE], for use in this specification.
此OID由OpenLDAP基金会指派(赋值),在其IANA分配的私有企业分配(私有)下,用于本规范中。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4510] Zeilenga, K., Ed, "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4510]Zeilenga,K.,Ed,“轻量级目录访问协议(LDAP):技术规范路线图”,RFC45102006年6月。
[RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access Protocol (LDAP): The Protocol", RFC 4511, June 2006.
[RFC4511]Sermersheim,J.,Ed.,“轻量级目录访问协议(LDAP):协议”,RFC4511,2006年6月。
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006.
[RFC4512]Zeilenga,K.,“轻量级目录访问协议(LDAP):目录信息模型”,RFC4512,2006年6月。
[RFC4515] Smith, M., Ed. and T. Howes, "Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters", RFC 4515, June 2006.
[RFC4515]Smith,M.,Ed.和T.Howes,“轻量级目录访问协议(LDAP):搜索过滤器的字符串表示”,RFC45152006年6月。
[RFC1777] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access Protocol", RFC 1777, March 1995.
[RFC1777]Yeong,W.,Howes,T.,和S.Kille,“轻量级目录访问协议”,RFC 17771995年3月。
[RFC1960] Howes, T., "A String Representation of LDAP Search Filters", RFC 1960, June 1996.
[RFC1960]Howes,T.,“LDAP搜索过滤器的字符串表示”,RFC1960,1996年6月。
[RFC3494] Zeilenga, K., "Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status", RFC 3494, March 2003.
[RFC3494]Zeilenga,K.,“轻型目录访问协议版本2(LDAPv2)到历史状态”,RFC 34942003年3月。
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
[RFC4520]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 4520,2006年6月。
[X.500] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory -- Overview of concepts, models and services," X.500(1993) (also ISO/IEC 9594-1:1994).
[X.500]国际电信联盟-电信标准化部门,“目录——概念、模型和服务概述”,X.500(1993)(也指ISO/IEC 9594-1:1994)。
[X.501] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory -- Models," X.501(1993) (also ISO/IEC 9594- 2:1994).
[X.501]国际电信联盟-电信标准化部门,“目录——模型”,X.501(1993)(也指ISO/IEC 9594-2:1994)。
[X.511] International Telecommunication Union - Telecommunication Standardization Sector, "The Directory: Abstract Service Definition", X.511(1993) (also ISO/IEC 9594-3:1993).
[X.511]国际电信联盟-电信标准化部门,“目录:抽象服务定义”,X.511(1993)(也称ISO/IEC 9594-3:1993)。
[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations", http://www.openldap.org/foundation/oid-delegate.txt.
[分配] OpenLDAP基金会,“OpenLDAP类委托”,http://www.openldap.org/foundation/oid-delegate.txt.
[PRIVATE] IANA, "Private Enterprise Numbers", http://www.iana.org/assignments/enterprise-numbers.
[私人]IANA,“私人企业编号”,http://www.iana.org/assignments/enterprise-numbers.
Author's Address
作者地址
Kurt D. Zeilenga OpenLDAP Foundation
库尔特D.Zeeliga OpenLDAP基金会
EMail: Kurt@OpenLDAP.org
EMail: Kurt@OpenLDAP.org
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。