INTERNET-DRAFT                                      Michael P. Armijo
                                                Microsoft Corporation
                                                           July, 2000
Expires: January, 2001

                  Result Message for LDAP Controls

Status of this Memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Distribution of this memo is unlimited. It is filed as , and expires
on January 14, 2001. Please send comments to the authors.

1. Abstract

LDAPv3 [1] allows for the extension of the protocol through the use
of controls. These controls allow existing operations to be enhanced
to provide additional functionality for directory operations. Complex
controls are being established that are bringing up error conditions
not anticipated in the LDAPv3 specifications. The purpose of this
draft is to create new result codes specific to LDAP controls and to
define guidelines for the use of these result codes.

2. The LDAP Control Response Code

The LDAPResult construct as defined in RFC 2251 [1] would be amended
to include the following additional result codes:

     LDAPResult ::= SEQUENCE {
             resultCode      ENUMERATED {
                          controlError              (xx),
                          criticalControlError      (xx)},
             matchedDN       LDAPDN,
             errorMessage    LDAPString,
             referral        [3] Referral OPTIONAL }

The controlError signifies that portions of the operation MAY have
not completed in its entirety due to an error in an associated
control.

The criticalControlError signifies that the operation has failed due
to an error in an associated critical control.

3. Use of the LDAP Control Response Code

The controlError result code should be returned when an operation has
succeeded but an attached control may have failed. Controls MAY
define a control specific response code that is embedded in the
control value.

The criticalControlError indicates that an attached critical control
has caused the entire operation to fail.

The controlError or criticalControlError response code can be defined
in control specifications to signify that the client should parse the
embedded response code for details on the control failure. The exact
behavior of the client with particular controls MUST be defined in
any control specification.

4. Security Considerations

This document defines an extension to RFC 2251 [1] and has the same
security issues. See the security considerations section in [1] for
more details.

5. References

[1] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access
    Protocol (v3)", RFC 2251, December 1997.

6. Author's Address

Michael P. Armijo
One Microsoft Way
Redmond, WA 98052
micharm@microsoft.com

Expires January, 2001
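
Added example (not part of the draft): a client-side sketch of the handling described in Section 3, decoding the first three LDAPResult components from BER and keeping controlError distinct from success. The numeric codes 126 and 127 are hypothetical placeholders, since the draft leaves both as "(xx)"; the function names and the sample bytes are constructed for illustration.

```python
# Placeholder values: the draft leaves both codes unassigned as "(xx)".
CONTROL_ERROR = 126            # hypothetical stand-in for controlError
CRITICAL_CONTROL_ERROR = 127   # hypothetical stand-in for criticalControlError
SUCCESS = 0                    # success (0) as defined in RFC 2251

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short form length
    else:
        n = first & 0x7F                    # long form: n length octets follow
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_result(components):
    """Decode resultCode, matchedDN and errorMessage; referral is ignored."""
    tag, val, pos = read_tlv(components, 0)
    if tag != 0x0A or not val:
        raise ValueError("resultCode must be a non-empty ENUMERATED")
    code = int.from_bytes(val, "big", signed=True)
    fields = []
    for _ in range(2):                      # matchedDN, then errorMessage
        tag, val, pos = read_tlv(components, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING")
        fields.append(val.decode("utf-8"))
    return code, fields[0], fields[1]

def classify(code):
    """Map a result code to what the client may assume about the operation."""
    if code == SUCCESS:
        return "complete"
    if code == CONTROL_ERROR:               # do not treat as plain success
        return "partial: inspect response controls"
    if code == CRITICAL_CONTROL_ERROR:
        return "failed: critical control"
    return "other: handle per RFC 2251"

# Constructed sample: resultCode=126, matchedDN="", errorMessage="sort failed"
SAMPLE = bytes([0x0A, 0x01, 126, 0x04, 0x00, 0x04, 0x0B]) + b"sort failed"
```

What the client does after a "partial" result depends on the embedded response code of the specific control, which the draft leaves to each control specification.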