Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes (RFC3673)
Original Publication Date: 2003-Dec-01
Included in the Prior Art Database: 2003-Dec-17
Internet Society Requests For Comment (RFCs)
The Lightweight Directory Access Protocol (LDAP) supports a mechanism for requesting the return of all user attributes but not all operational attributes. This document describes an LDAP extension which clients may use to request the return of all operational attributes.
Network Working Group K. Zeilenga
Request for Comments: 3673 OpenLDAP Foundation
Category: Standards Track December 2003
Lightweight Directory Access Protocol version 3 (LDAPv3):
All Operational Attributes
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2003). All Rights Reserved.
The Lightweight Directory Access Protocol (LDAP) supports a mechanism
for requesting the return of all user attributes but not all
operational attributes. This document describes an LDAP extension
which clients may use to request the return of all operational
X.500 [X.500] provides a mechanism for clients to request all
operational attributes be returned with entries provided in response
to a search operation. This mechanism is often used by clients to
discover which operational attributes are present in an entry.
This documents extends the Lightweight Directory Access Protocol
(LDAP) [RFC3377] to provide a simple mechanism which clients may use
to request the return of all operational attributes. The mechanism
is designed for use with existing general purpose LDAP clients
(including web browsers which support LDAP URLs) and existing LDAP
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14 [RFC2119].
Zeilenga Standards Track [Page 1]
RFC 3673 LDAPv3: All Operational Attributes December 2003
2. All Operational Attributes
The presence of the attribute description "+" (ASCII 43) in the list
of attributes in a Search Request [RFC2251] SHALL signify a request
for the return of all operational attributes.
As with all search requests, client implementors should note that
results may not include all requested attributes due to access
controls or other restrictions. Client implementors should also note
that certain operational attributes may be returned only if requested
by name even when "+" is present. This is because some operational
attributes are very expensive to return.
Servers supporting this feature SHOULD publish the Object Identifier
220.127.116.11.4.1.418.104.22.168 as a value of the 'supportedFeatures'
[RFC3674] attribute in the root DSE.
3. Interoperability Considerations
This mechanism is specifically designed to allow users to request all
operational attributes using existing LDAP clients. In particular,
the mechanism is designed to be compatible with existing general
purpose LDAP clients including those supporting LDAP URLs [RFC2255].
The addition of this mechanism to LDAP is not believed to cause any
significant interoperability issues (th...