
RFC3377 - Lightweight Directory Access Protocol (v3): Technical Specification

Author: Anonymous  Source: Unknown  Published: 2005-12-9 23:44:35
Network Working Group                                          J. Hodges
Request for Comments: 3377                         Sun Microsystems Inc.
Category: Standards Track                                      R. Morgan
                                                University of Washington
                                                          September 2002

Lightweight Directory Access Protocol (v3):
Technical Specification

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document specifies the set of RFCs comprising the Lightweight
Directory Access Protocol Version 3 (LDAPv3), and addresses the "IESG
Note" attached to RFCs 2251 through 2256.

1. Background and Motivation

The specification for the Lightweight Directory Access Protocol
version 3 (LDAPv3) nominally comprises eight RFCs which were issued
in two distinct subsets at separate times -- RFCs 2251 through 2256
first, then RFCs 2829 and 2830 following later.

RFC2251 through 2256 do not mandate the implementation of any
satisfactory authentication mechanisms and hence were published with
an "IESG Note" discouraging implementation and deployment of LDAPv3
clients or servers implementing update functionality until a Proposed
Standard for mandatory authentication in LDAPv3 is published.

RFC2829 was subsequently published in answer to the IESG Note.

The purpose of this document is to explicitly specify the set of RFCs
comprising LDAPv3, and formally address the IESG Note through
explicit inclusion of RFC2829.

2. Specification of LDAPv3

The Lightweight Directory Access Protocol version 3 (LDAPv3) is
specified by this set of nine RFCs:

[RFC2251] Lightweight Directory Access Protocol (v3) [the
specification of the LDAP on-the-wire protocol]

[RFC2252] Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions

[RFC2253] Lightweight Directory Access Protocol (v3): UTF-8
String Representation of Distinguished Names

[RFC2254] The String Representation of LDAP Search Filters

[RFC2255] The LDAP URL Format

[RFC2256] A Summary of the X.500(96) User Schema for use with
LDAPv3

[RFC2829] Authentication Methods for LDAP

[RFC2830] Lightweight Directory Access Protocol (v3): Extension
for Transport Layer Security

And, this document (RFC3377).

The term "LDAPv3" is often used informally to refer to the protocol
specified by the above set of RFCs, or subsets thereof. However, the
LDAPv3 protocol suite, as defined here, should be formally identified
in other documents by a normative reference to this document.

3. Addressing the "IESG Note" in RFCs 2251 through 2256

The IESG approved publishing RFCs 2251 through 2256 with an attendant
IESG Note included in each document. The Note begins with:

   This document describes a directory access protocol that provides
   both read and update access. Update access requires secure
   authentication, but this document does not mandate implementation
   of any satisfactory authentication mechanisms.

The Note ends with this statement:

   Implementors are hereby discouraged from deploying LDAPv3 clients
   or servers which implement the update functionality, until a
   Proposed Standard for mandatory authentication in LDAPv3 has been
   approved and published as an RFC.

[RFC2829] is expressly the "Proposed Standard for mandatory
authentication in LDAPv3" called for in the Note. Thus, the IESG
Note in [RFC2251], [RFC2252], [RFC2253], [RFC2254], [RFC2255], and
[RFC2256] is addressed.

4. Security Considerations

This document does not directly discuss security, although the
context of the aforementioned IESG Note is security related, as is
the manner in which it is addressed.

Please refer to the referenced documents, especially [RFC2829],
[RFC2251], and [RFC2830], for further information concerning LDAPv3
security.

5. Acknowledgements

The authors thank Patrik Faltstrom, Leslie Daigle, Thomas Narten, and
Kurt Zeilenga for their contributions to this document.

6. References

[RFC2251] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory
Access Protocol (v3)", RFC2251, December 1997.

[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
"Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions", RFC2252, December 1997.

[RFC2253] Kille, S., Wahl, M. and T. Howes, "Lightweight Directory
Access Protocol (v3): UTF-8 String Representation of
Distinguished Names", RFC2253, December 1997.

[RFC2254] Howes, T., "The String Representation of LDAP Search
Filters", RFC2254, December 1997.

[RFC2255] Howes, T. and M. Smith, "The LDAP URL Format", RFC2255,
December 1997.

[RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC2256, December 1997.

[RFC2829] Wahl, M., Alvestrand, H., Hodges, J. and R. Morgan,
"Authentication Methods for LDAP", RFC2829, May 2000.

[RFC2830] Hodges, J., Morgan, R. and M. Wahl, "Lightweight Directory
Access Pro
