Browse Prior Art Database

Subentries in the Lightweight Directory Access Protocol (LDAP) (RFC3672)

IP.com Disclosure Number: IPCOM000021125D
Original Publication Date: 2003-Dec-01
Included in the Prior Art Database: 2003-Dec-24
Document File: 13 page(s) / 25K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

K. Zeilenga: AUTHOR

Abstract

In X.500 directories, subentries are special entries used to hold information associated with a subtree or subtree refinement. This document adapts X.500 subentries mechanisms for use with the Lightweight Directory Access Protocol (LDAP).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 14% of the total text.

Network Working Group K. Zeilenga

Request for Comments: 3672 OpenLDAP Foundation

Category: Standards Track S. Legg

Adacel Technologies

December 2003

Subentries in the Lightweight Directory Access Protocol (LDAP)

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

In X.500 directories, subentries are special entries used to hold

information associated with a subtree or subtree refinement. This

document adapts X.500 subentries mechanisms for use with the

Lightweight Directory Access Protocol (LDAP).

1. Overview

From [X.501]:

A subentry is a special kind of entry immediately subordinate to

an administrative point. It contains attributes that pertain to

a subtree (or subtree refinement) associated with its

administrative point. The subentries and their administrative

point are part of the same naming context.

A single subentry may serve all or several aspects of

administrative authority. Alternatively, a specific aspect of

administrative authority may be handled through one or more of

its own subentries.

Subentries in the Lightweight Directory Access Protocol (LDAP)

[RFC3377] SHALL behave in accordance with X.501 unless noted

otherwise in this specification.

Zeilenga & Legg Standards Track [Page 1]

RFC 3672 Subentries in LDAP December 2003

In absence of the subentries control (detailed in Section 3),

subentries SHALL NOT be considered in one-level and subtree scope

search operations. For all other operations, including base scope

search operations, subentries SHALL be considered.

1.1. Conventions

Schema definitions are provided using LDAP description formats

[RFC2252]. Definitions provided here are formatted (line wrapped)

for readability.

Protocol elements are described using ASN.1 [X.680]. The term "BER-

encoded" means the element is to be encoded using the Basic Encoding

Rules [X.690] under the restrictions detailed in Section 5.1 of

[RFC2251].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

document are to be interpreted as described in BCP 14 [RFC2119].

2. Subentry Schema

2.1. Subtree Specification Syntax

The Subtree Specification syntax provides a general purpose mechanism

for the specification of a subset of entries in a subtree of the

Directory Information Tree (DIT). A subtree begins at some base

entry and includes the subordinates of that entry down to some

identified lower boundary, possibly extending to the leaf entries. A

subtree specification is always used within a context or scope which

implicitly determines the bounds of the subtree. For example, the

scope...