Lightweight Directory Access Protocol (v3): Technical Specification
RFC 3377
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (September 2002; Errata); Obsoleted by RFC 4510 |
| | Authors | Morgan Rl, Jeff Hodges |
| | Last updated | 2020-01-21 |
| | Stream | Internet Engineering Task Force (IETF) |
| | Formats | plain text, html, pdf, htmlized (tools), htmlized with errata, bibtex |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3377 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Patrik Fältström |
| | Send notices to | (None) |
Network Working Group
Request for Comments: 3377
Category: Standards Track

J. Hodges, Sun Microsystems Inc.
R. Morgan, University of Washington
September 2002

Lightweight Directory Access Protocol (v3): Technical Specification

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document specifies the set of RFCs comprising the Lightweight Directory Access Protocol Version 3 (LDAPv3), and addresses the "IESG Note" attached to RFCs 2251 through 2256.

1. Background and Motivation

The specification for the Lightweight Directory Access Protocol version 3 (LDAPv3) nominally comprises eight RFCs which were issued in two distinct subsets at separate times -- RFCs 2251 through 2256 first, then RFCs 2829 and 2830 following later.

RFC 2251 through 2256 do not mandate the implementation of any satisfactory authentication mechanisms and hence were published with an "IESG Note" discouraging implementation and deployment of LDAPv3 clients or servers implementing update functionality until a Proposed Standard for mandatory authentication in LDAPv3 is published.

RFC 2829 was subsequently published in answer to the IESG Note.

The purpose of this document is to explicitly specify the set of RFCs comprising LDAPv3, and formally address the IESG Note through explicit inclusion of RFC 2829.

Hodges & Morgan Standards Track [Page 1]
RFC 3377 LDAPv3: Technical Specification September 2002

2. Specification of LDAPv3

The Lightweight Directory Access Protocol version 3 (LDAPv3) is specified by this set of nine RFCs:

   [RFC2251]  Lightweight Directory Access Protocol (v3) [the specification of the LDAP on-the-wire protocol]

   [RFC2252]  Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions

   [RFC2253]  Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names

   [RFC2254]  The String Representation of LDAP Search Filters

   [RFC2255]  The LDAP URL Format

   [RFC2256]  A Summary of the X.500(96) User Schema for use with LDAPv3

   [RFC2829]  Authentication Methods for LDAP

   [RFC2830]  Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security

And, this document (RFC3377).

The term "LDAPv3" is often used informally to refer to the protocol specified by the above set of RFCs, or subsets thereof. However, the LDAPv3 protocol suite, as defined here, should be formally identified in other documents by a normative reference to this document.

3. Addressing the "IESG Note" in RFCs 2251 through 2256

The IESG approved publishing RFCs 2251 through 2256 with an attendant IESG Note included in each document. The Note begins with:

   This document describes a directory access protocol that provides both read and update access. Update access requires secure authentication, but this document does not mandate implementation of any satisfactory authentication mechanisms.

The Note ends with this statement:

   Implementors are hereby discouraged from deploying LDAPv3 clients or servers which implement the update functionality, until a Proposed Standard for mandatory authentication in LDAPv3 has been approved and published as an RFC.

[RFC2829] is expressly the "Proposed Standard for mandatory authentication in LDAPv3" called for in the Note. Thus, the IESG Note in [RFC2251], [RFC2252], [RFC2253], [RFC2254], [RFC2255], and [RFC2256] is addressed.

4. Security Considerations

This document does not directly discuss security, although the context of the aforementioned IESG Note is security related, as is the manner in which it is addressed.

Please refer to the referenced documents, especially [RFC2829], [RFC2251], and [RFC2830], for further information concerning LDAPv3 security.

5. Acknowledgements

The authors thank Patrik Faltstrom, Leslie Daigle, Thomas Narten, and Kurt Zeilenga for their contributions to this document.