Network Working Group                                            M. Wahl
Request for Comments: DRAFT                          Critical Angle Inc.
                                                       November 22, 1997

           LDAPv3 Change Log Triggered Search Result Control

1. Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

2. Abstract

   This document defines an LDAPv3 [2] control to be used on the Search
   Request to allow a client to retrieve information on changes which
   are made to the directory information tree held by that server.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [1].

3. Control Definition

   A client may provide a control of a particular type when invoking a
   search request. The controlType is "1.3.6.1.4.1.1466.29539.10", the
   criticality field may be TRUE or FALSE, and the controlValue field is
   absent.

   To have an effect, the search request MUST have the baseObject field
   set to the name of the base of the server's change log [3], the scope
   MUST be either singleLevel or wholeSubtree, and the size and time
   limits MUST both be 0.

   The server will return SearchResultEntry responses for all entries in
   the change log which match the client's search filter.
   However, the server will not return a SearchResultDone as it would
   normally.

Wahl      LDAPv3 Change Log Triggered Search Result Control     Page 1

INTERNET-DRAFT        draft-wahl-ldapv3-trigger-00.txt         Nov. 1997

   Instead, the server will preserve the client's message id, search
   filter and requested attribute list and associate it with the
   client's connection. The server will only return the SearchResultDone
   if there is an error condition (e.g. unwillingToPerform), and will
   not return the SearchResultDone if the request was successful.

   So long as the connection to the client is open and the client does
   not abandon the request or reuse the request message id, the server
   will return additional SearchResultEntry responses as entries are
   added to the change log. These responses have the same message id as
   the original request. The client may terminate the return of
   responses by abandoning the request.

7. Security Considerations

   The changes attribute of the change log entries should not be
   generally readable. The administrator will configure specific clients
   which are authorized to retrieve this attribute.

8. Bibliography

   [1] S. Bradner, "Key words for use in RFCs to Indicate Requirement
       Levels", RFC 2119.

   [2] "Lightweight Directory Access Protocol (v3)", INTERNET DRAFT.

   [3] "Definition of An Object Class to Hold LDAP Change Records",
       INTERNET DRAFT.

9. Author's Address

   Mark Wahl
   Critical Angle Inc.
   4815 West Braker Lane #502-385
   Austin, TX 78759
   USA

   Phone: +1 512 372-3160
   EMail: M.Wahl@critical-angle.com
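   The server-side behaviour of sections 3 and 7, as an added in-memory
   model that is not part of this draft or of any LDAP server: it
   validates the MUST conditions on the request (answering only errors
   with a SearchResultDone), replays matching entries already in the
   change log, keeps the search registered under the client's message id
   until abandon or id reuse, and withholds the changes attribute from
   connections the administrator has not authorized. The change log base
   name "cn=changelog", the dict-based equality filter and the response
   tuples are assumptions of the model; real BER encoding is omitted.

```python
from collections import namedtuple
from dataclasses import dataclass, field

TRIGGER_OID = "1.3.6.1.4.1.1466.29539.10"
CHANGELOG_BASE = "cn=changelog"  # assumed name of this server's change log base

# filter is a dict of equality assertions; controls is a tuple of control OIDs
SearchRequest = namedtuple("SearchRequest", "msg_id base scope size_limit time_limit filter controls")

@dataclass(eq=False)  # eq=False: connections compare by identity, not by field values
class Connection:
    may_read_changes: bool = False                  # administrator-configured (section 7)
    persistent: dict = field(default_factory=dict)  # msg_id -> SearchRequest
    responses: list = field(default_factory=list)   # (type, msg_id, payload) sent to client

def _matches(entry, flt):
    return all(entry.get(k) == v for k, v in flt.items())

class ChangeLogServer:
    def __init__(self):
        self.log, self.conns = [], []  # change log entries (oldest first), open connections

    def _send_entry(self, conn, msg_id, entry):
        visible = dict(entry)
        if not conn.may_read_changes:
            visible.pop("changes", None)  # section 7: 'changes' is not generally readable
        conn.responses.append(("SearchResultEntry", msg_id, visible))

    def search(self, conn, req):
        if TRIGGER_OID not in req.controls:
            return  # an ordinary search; not modelled here
        if conn not in self.conns:
            self.conns.append(conn)
        valid = (req.base == CHANGELOG_BASE and req.scope in ("singleLevel", "wholeSubtree")
                 and req.size_limit == 0 and req.time_limit == 0)
        if not valid:  # only an error condition produces a SearchResultDone
            conn.responses.append(("SearchResultDone", req.msg_id, "unwillingToPerform"))
            return
        for entry in self.log:  # entries already in the log that match the filter
            if _matches(entry, req.filter):
                self._send_entry(conn, req.msg_id, entry)
        conn.persistent[req.msg_id] = req  # kept until abandon or msg id reuse; no Done

    def abandon(self, conn, msg_id):
        conn.persistent.pop(msg_id, None)

    def append(self, entry):
        self.log.append(entry)
        for conn in self.conns:
            for msg_id, req in conn.persistent.items():
                if _matches(entry, req.filter):
                    self._send_entry(conn, msg_id, entry)
```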