Network Working Group K. Zeilenga Request for Comments: 4529 OpenLDAP Foundation Category: Informational June 2006
Network Working Group K. Zeilenga Request for Comments: 4529 OpenLDAP Foundation Category: Informational June 2006
Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP)
在轻量级目录访问协议(LDAP)中按对象类请求属性
Status of This Memo
关于下段备忘
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
The Lightweight Directory Access Protocol (LDAP) search operation provides mechanisms for clients to request all user application attributes, all operational attributes, and/or attributes selected by their description. This document extends LDAP to support a mechanism that LDAP clients may use to request the return of all attributes of an object class.
轻量级目录访问协议(LDAP)搜索操作为客户端提供了请求所有用户应用程序属性、所有操作属性和/或由其描述选择的属性的机制。本文档扩展了LDAP,以支持LDAP客户端可用于请求返回对象类的所有属性的机制。
Table of Contents
目录
1. Background and Intended Use .....................................1 2. Terminology .....................................................2 3. Return of all Attributes of an Object Class .....................2 4. Security Considerations .........................................3 5. IANA Considerations .............................................3 6. References ......................................................4 6.1. Normative References .......................................4 6.2. Informative References .....................................4
1. Background and Intended Use .....................................1 2. Terminology .....................................................2 3. Return of all Attributes of an Object Class .....................2 4. Security Considerations .........................................3 5. IANA Considerations .............................................3 6. References ......................................................4 6.1. Normative References .......................................4 6.2. Informative References .....................................4
In the Lightweight Directory Access Protocol (LDAP) [RFC4510], the search operation [RFC4511] supports requesting the return of a set of attributes. This set is determined by a list of attribute descriptions. Two special descriptors are defined to request all user attributes ("*") [RFC4511] and all operational attributes ("+") [RFC3673]. However, there is no convenient mechanism for requesting pre-defined sets of attributes such as the set of attributes used to represent a particular class of object.
在轻量级目录访问协议(LDAP)[RFC4510]中,搜索操作[RFC4511]支持请求返回一组属性。此集合由属性描述列表确定。定义了两个特殊描述符来请求所有用户属性(“*”[RFC4511]和所有操作属性(“+”[RFC3673])。但是,没有方便的机制来请求预定义的属性集,例如用于表示特定对象类的属性集。
This document extends LDAP to allow an object class identifier to be specified in attributes lists, such as in Search requests, to request the return of all attributes belonging to an object class. The COMMERCIAL AT ("@", U+0040) character is used to distinguish an object class identifier from an attribute descriptions.
本文档扩展了LDAP,允许在属性列表(如搜索请求)中指定对象类标识符,以请求返回属于对象类的所有属性。商业AT(“@”,U+0040)字符用于区分对象类标识符和属性描述。
For example, the attribute list of "@country" is equivalent to the attribute list of 'c', 'searchGuide', 'description', and 'objectClass'. This object class is described in [RFC4519].
例如,“@country”的属性列表相当于“c”、“searchGuide”、“description”和“objectClass”的属性列表。[RFC4519]中描述了该对象类。
This extension is intended primarily to be used where the user is in direct control of the parameters of the LDAP search operation, for instance when entering an LDAP URL [RFC4516] into a web browser, such as <ldap:///dc=example,dc=com?@organization?base>.
此扩展主要用于用户直接控制LDAP搜索操作参数的情况,例如在web浏览器中输入LDAP URL[RFC4516]时,例如<ldap:///dc=example,dc=com?@organization?base>。
In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14 [RFC2119].
在本文件中,关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照BCP 14[RFC2119]中的说明进行解释。
DSA stands for Directory System Agent (or server). DSE stands for DSA-specific Entry.
DSA代表目录系统代理(或服务器)。DSE代表DSA特定条目。
This extension allows object class identifiers to be provided in the attributes field of the LDAP SearchRequest [RFC4511] or other request values of the AttributeSelection data type (e.g., attributes field in pre/post read controls [ReadEntry]) and/or <attributeSelector> production (e.g., attributes of an LDAP URL [RFC4516]). For each object class identified in the attributes field, the request is to be treated as if each attribute allowed by that class (by "MUST" or "MAY", directly or by "SUP"erior) [RFC4512] were itself listed.
此扩展允许在LDAP SearchRequest[RFC4511]的attributes字段或AttributeSelection数据类型的其他请求值(例如,读前/读后控件[ReadEntry]中的attributes字段)和/或<attributeSelector>production(例如,LDAP URL[RFC4516]的属性)中提供对象类标识符。对于属性字段中标识的每个对象类,该请求将被视为该类(通过“必须”或“可能”、直接或通过“辅助”[RFC4512]允许的每个属性本身都被列出。
This extension extends the <attributeSelector> [RFC4511] production as indicated by the following ABNF [RFC4234]:
此扩展扩展扩展了<attributeSelector>[RFC4511]产品,如以下ABNF[RFC4234]所示:
attributeSelector =/ objectclassdescription objectclassdescription = ATSIGN oid options ATSIGN = %x40 ; COMMERCIAL AT ("@" U+0040)
attributeSelector =/ objectclassdescription objectclassdescription = ATSIGN oid options ATSIGN = %x40 ; COMMERCIAL AT ("@" U+0040)
where <oid> and <options> productions are as defined in [RFC4512].
其中,<oid>和<options>产品如[RFC4512]中所定义。
The <oid> component of an <objectclassdescription> production identifies the object class by short name (descr) or object identifier (numericoid). If the value of the <oid> component is unrecognized or does not refer to an object class, the object class description is to be treated as an unrecognized attribute description.
<objectclassdescription>产品的<oid>组件通过短名称(descr)或对象标识符(numericoid)标识对象类。如果<oid>组件的值无法识别或未引用对象类,则对象类描述将被视为无法识别的属性描述。
The <options> production is included in the grammar for extensibility purposes. An object class description with an unrecognized or inappropriate option is to be treated as unrecognized.
出于可扩展性的目的,<options>产品包含在语法中。带有无法识别或不适当选项的对象类描述将被视为无法识别。
Although object class description options and attribute description options share the same syntax, they are not semantically related. This document does not define any object description option.
尽管对象类描述选项和属性描述选项共享相同的语法,但它们在语义上并不相关。本文档未定义任何对象描述选项。
Servers supporting this feature SHOULD publish the object identifier (OID) 1.3.6.1.4.1.4203.1.5.2 as a value of the 'supportedFeatures' [RFC4512] attribute in the root DSE. Clients supporting this feature SHOULD NOT use the feature unless they know that the server supports it.
支持此功能的服务器应将对象标识符(OID)1.3.6.1.4.1.4203.1.5.2作为根DSE中“supportedFeatures”[RFC4512]属性的值发布。支持此功能的客户端不应使用此功能,除非他们知道服务器支持此功能。
This extension provides a shorthand for requesting all attributes of an object class. Because these attributes could have been listed individually, introduction of this shorthand is not believed to raise additional security considerations.
此扩展为请求对象类的所有属性提供了简写。因为这些属性可以单独列出,所以这种速记的引入不会引起额外的安全考虑。
Implementors of this LDAP extension should be familiar with security considerations applicable to the LDAP search operation [RFC4511], as well as with general LDAP security considerations [RFC4510].
此LDAP扩展的实现者应该熟悉适用于LDAP搜索操作的安全注意事项[RFC4511],以及一般LDAP安全注意事项[RFC4510]。
Registration of the LDAP Protocol Mechanism [RFC4520] defined in this document has been completed.
已完成本文档中定义的LDAP协议机制[RFC4520]的注册。
Subject: Request for LDAP Protocol Mechanism Registration Object Identifier: 1.3.6.1.4.1.4203.1.5.2 Description: OC AD Lists Person & email address to contact for further information: Kurt Zeilenga <kurt@openldap.org> Usage: Feature Specification: RFC 4529 Author/Change Controller: Kurt Zeilenga <kurt@openldap.org> Comments: none
Subject: Request for LDAP Protocol Mechanism Registration Object Identifier: 1.3.6.1.4.1.4203.1.5.2 Description: OC AD Lists Person & email address to contact for further information: Kurt Zeilenga <kurt@openldap.org> Usage: Feature Specification: RFC 4529 Author/Change Controller: Kurt Zeilenga <kurt@openldap.org> Comments: none
This OID was assigned [ASSIGN] by OpenLDAP Foundation, under its IANA-assigned private enterprise allocation [PRIVATE], for use in this specification.
此OID由OpenLDAP基金会指派(赋值),在其IANA分配的私有企业分配(私有)下,用于本规范中。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005.
[RFC4234]Crocker,D.,Ed.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 4234,2005年10月。
[RFC4510] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.
[RFC4510]Zeilenga,K.,Ed.“轻量级目录访问协议(LDAP):技术规范路线图”,RFC45102006年6月。
[RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access Protocol (LDAP): The Protocol", RFC 4511, June 2006.
[RFC4511]Sermersheim,J.,Ed.,“轻量级目录访问协议(LDAP):协议”,RFC4511,2006年6月。
[RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006.
[RFC4512]Zeilenga,K.,“轻量级目录访问协议(LDAP):目录信息模型”,RFC4512,2006年6月。
[RFC4516] Smith, M., Ed. and T. Howes, "Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator", RFC 4516, June 2006.
[RFC4516]Smith,M.,Ed.和T.Howes,“轻量级目录访问协议(LDAP):统一资源定位器”,RFC4516,2006年6月。
[X.680] International Telecommunication Union - Telecommunication Standardization Sector, "Abstract Syntax Notation One (ASN.1) - Specification of Basic Notation", X.680(2002) (also ISO/IEC 8824-1:2002).
[X.680]国际电信联盟-电信标准化部门,“抽象语法符号1(ASN.1)-基本符号规范”,X.680(2002)(也称ISO/IEC 8824-1:2002)。
[RFC3673] Zeilenga, K., "Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes", RFC 3673, December 2003.
[RFC3673]Zeilenga,K.,“轻型目录访问协议版本3(LDAPv3):所有操作属性”,RFC 36732003年12月。
[RFC4519] Sciberras, A., Ed., "Lightweight Directory Access Protocol (LDAP): Schema for User Applications", RFC 4519, June 2006.
[RFC4519]Sciberras,A.,Ed.,“轻量级目录访问协议(LDAP):用户应用程序模式”,RFC4519,2006年6月。
[RFC4520] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 4520, June 2006.
[RFC4520]Zeilenga,K.,“轻量级目录访问协议(LDAP)的互联网分配号码管理局(IANA)注意事项”,BCP 64,RFC 4520,2006年6月。
[ReadEntry] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP) Read Entry Controls", RFC 4527, June 2006.
[ReadEntry]Zeilenga,K.,“轻量级目录访问协议(LDAP)读取条目控制”,RFC4527,2006年6月。
[ASSIGN] OpenLDAP Foundation, "OpenLDAP OID Delegations", http://www.openldap.org/foundation/oid-delegate.txt.
[分配] OpenLDAP基金会,“OpenLDAP类委托”,http://www.openldap.org/foundation/oid-delegate.txt.
[PRIVATE] IANA, "Private Enterprise Numbers", http://www.iana.org/assignments/enterprise-numbers.
[私人]IANA,“私人企业编号”,http://www.iana.org/assignments/enterprise-numbers.
Author's Address
作者地址
Kurt D. Zeilenga OpenLDAP Foundation
库尔特D.Zeeliga OpenLDAP基金会
EMail: Kurt@OpenLDAP.org
EMail: Kurt@OpenLDAP.org
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。