Network Working Group                                        R. Harrison
Request for Comments: 4373                                J. Sermersheim
Category: Informational                                     Novell, Inc.
                                                                 Y. Dong
                                                            January 2006
        

Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP)

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

The Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) allows an LDAP client to perform a bulk update to an LDAP server. The protocol frames a sequenced set of update operations within a pair of LDAP extended operations to notify the server that the update operations in the framed set are related in such a way that the ordering of all operations can be preserved during processing even when they are sent asynchronously by the client. Update operations can be grouped within a single protocol message to maximize the efficiency of client-server communication.

The protocol is suitable for efficiently making a substantial set of updates to the entries in an LDAP server.

Table of Contents

   1. Introduction
   2. Conventions Used in This Document
   3. Overview of Protocol
      3.1. Update Initiation
      3.2. Update Stream
           3.2.1. LBURPUpdateRequest
           3.2.2. LBURPUpdateResponse
      3.3. Update Termination
      3.4. Applicability of Protocol
   4. Description of Protocol Flow
   5. Elements of Protocol
      5.1. StartLBURPRequest
           5.1.1. updateStyleOID
      5.2. StartLBURPResponse
           5.2.1. maxOperations
      5.3. LBURPUpdateRequest
           5.3.1. sequenceNumber
           5.3.2. UpdateOperationList
      5.4. LBURPUpdateResponse
           5.4.1. OperationResults
                  5.4.1.1. operationNumber
                  5.4.1.2. ldapResult
      5.5. EndLBURPRequest
           5.5.1. sequenceNumber
      5.6. EndLBURPResponse
   6. Semantics of the Incremental Update Style
   7. General LBURP Semantics
   8. Security Considerations
   9. IANA Considerations
      9.1. LDAP Object Identifier Registrations
   10. Normative References
   11. Informative References
        
1. Introduction

The Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) arose from the need to allow an LDAP client to efficiently present large quantities of updates to an LDAP server and have the LDAP server efficiently process them. LBURP introduces a minimum of new operational functionality to the LDAP protocol because the update requests sent by the client encapsulate standard LDAP [RFC2251] update operations. However, this protocol greatly facilitates bulk updates by allowing the client to send the update operations asynchronously and still allow the server to maintain proper ordering of the operations. It also allows the server to recognize the client's intent to perform a potentially large set of update operations and then to change its processing strategy to more efficiently process the operations.

2. Conventions Used in This Document

Imperative keywords defined in RFC 2119 [RFC2119] are used in this document, and carry the meanings described there.

All Basic Encoding Rules (BER) [X.690] encodings follow the conventions found in section 5.1 of [RFC2251].

The term "supplier" applies to an LDAP client or an LDAP server (acting as a client) that supplies a set of update operations to a consumer.

The term "consumer" applies to an LDAP server that consumes (i.e., processes) the sequenced set of update operations sent to it by a supplier.

3. Overview of Protocol

LBURP frames a set of update operations within a pair of LDAP extended operations that mark the beginning and end of the update set. These updates are sent via LDAP extended operations, each containing a sequence number and a list of one or more update operations to be performed by the consumer. Except for the fact that they are grouped together as part of a larger LDAP message, the update operations in each subset are encoded as LDAP update operations and use the LDAP Abstract Syntax Notation One (ASN.1) [X.680] message types specified in [RFC2251].

3.1. Update Initiation

The protocol is initiated when a supplier sends a StartLBURPRequest extended operation to a consumer as a notification that a stream of associated LBURPUpdateRequests will follow. The supplier associates semantics with this stream of requests by including the Object Identifier (OID) of the bulk update/replication style in the StartLBURPRequest. The consumer responds to the StartLBURPRequest with a StartLBURPResponse message.

3.2. Update Stream

After the consumer responds with a StartLBURPResponse, the supplier sends a stream of LBURPUpdateRequest messages to the consumer. Messages within this stream may be sent asynchronously to maximize the efficiency of the transfer. The consumer responds to each LBURPUpdateRequest with an LBURPUpdateResponse message.

3.2.1. LBURPUpdateRequest

Each LBURPUpdateRequest contains a sequence number identifying its relative position within the update stream and an UpdateOperationList containing an ordered list of LDAP update operations to be applied to the Directory Information Tree (DIT). The sequence number enables the consumer to process LBURPUpdateRequest messages in the order they were sent by the supplier even when they are sent asynchronously. The consumer processes each LBURPUpdateRequest according to the sequence number by applying the LDAP update operations in its UpdateOperationList to the DIT in the order they are listed.

3.2.2. LBURPUpdateResponse

When the consumer has processed the update operations from an UpdateOperationList, it sends an LBURPUpdateResponse to the supplier indicating the success or failure of the update operations contained within the corresponding LBURPUpdateRequest.

3.3. Update Termination

After the supplier has sent all of its LBURPUpdateRequest messages, it sends an EndLBURPRequest message to the consumer to terminate the update stream. Upon servicing all LBURPOperation requests and receiving the EndLBURPRequest, the consumer responds with an EndLBURPResponse, and the update is complete.

3.4. Applicability of Protocol

LBURP is designed to facilitate the bulk update of LDAP servers. It can also be used to synchronize directory information between a single master and multiple slaves.

No attempt is made to deal with the issues associated with multiple-master replication environments (such as keeping modification times of attribute values) so that updates to the same entry on different replicas can be correctly ordered. For this reason, when LBURP alone is used for replication, proper convergence of the data between all replicas can only be assured in a single-master replication environment.

4. Description of Protocol Flow

This section describes the LBURP protocol flow and the information contained in each protocol message. Throughout this section, the client or server acting as a supplier is indicated by the letter "S", and the server acting as a consumer is indicated by the letter "C". The construct "S -> C" indicates that the supplier is sending an LDAP message to the consumer, and "C -> S" indicates that the consumer is sending an LDAP message to the supplier. Note that the protocol flow below assumes that a properly authenticated LDAP session has already been established between the supplier and consumer.

S -> C: StartLBURPRequest message. The parameter is:

1) OID for the LBURP update style (see section 5.1.1).

C -> S: StartLBURPResponse message. The parameter is:

1) An optional maxOperations instruction (see section 5.2.1).

S -> C: An update stream consisting of zero or more LBURPUpdateRequest messages. The requests MAY be sent asynchronously. The parameters are:

1) A sequence number specifying the order of this LBURPUpdateRequest with respect to the other LBURPUpdateRequest messages in the update stream (see section 5.3.1).

2) LBURPUpdateRequest.updateOperationList, a list of one or more LDAP update operations (see section 5.3.2).

The consumer processes the LBURPUpdateRequest messages in the order of their sequence numbers and applies the LDAP update operations contained within each LBURPUpdateRequest to the DIT in the order they are listed.

C -> S: LBURPUpdateResponse message. This is sent when the consumer completes processing the update operations from each LBURPUpdateRequest.updateOperationList.

S -> C: EndLBURPRequest message. This is sent after the supplier sends all of its LBURPUpdateRequest messages to the consumer. The parameter is:

1) A sequence number that is one greater than the sequence number of the last LBURPUpdateRequest message in the update stream. This allows the EndLBURPRequest to also be sent asynchronously.

C -> S: EndLBURPResponse message. This is sent in response to the EndLBURPRequest after the consumer has serviced all LBURPOperation requests.

5. Elements of Protocol

LBURP uses two LDAP ExtendedRequest messages--StartLBURPRequest and EndLBURPRequest--to initiate and terminate the protocol. A third LDAP ExtendedRequest message--LBURPUpdateRequest--is used to send update operations from the supplier to the consumer. These three requests along with their corresponding responses comprise the entire protocol.

LBURP request messages are defined in terms of the LDAP ExtendedRequest [RFC2251] as follows:

        ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
            requestName    [0] LDAPOID,
            requestValue   [1] OCTET STRING OPTIONAL
        }
        
LBURP response messages are defined in terms of the LDAP ExtendedResponse [RFC2251] as follows:

       ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
           COMPONENTS of LDAPResult,
           responseName  [10] LDAPOID OPTIONAL,
           response      [11] OCTET STRING OPTIONAL
        }
        
5.1. StartLBURPRequest

The requestName value of the StartLBURPRequest is OID 1.3.6.1.1.17.1.

The requestValue of the StartLBURPRequest contains the BER-encoding of the following ASN.1:

       StartLBURPRequestValue ::= SEQUENCE {
           updateStyleOID LDAPOID
       }
        
LDAPOID is defined in [RFC2251], section 4.1.2.

5.1.1. updateStyleOID

The updateStyleOID is an OID that uniquely identifies the LBURP update style being used. This document defines one LBURP update semantic style that can be transmitted between the StartLBURPRequest and EndLBURPRequest. The updateStyleOID is included in the protocol for future expansion of additional update styles. For example, a future specification might define an update style with semantics to replace all existing entries with a new set of entries and thus only allows the Add operation.

The updateStyleOID for the LBURP Incremental Update style is 1.3.6.1.1.17.7. The semantics of this update style are described in section 6.
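
The encoding described in sections 5 and 5.1, as an added example that is not part of the RFC: it builds the ExtendedRequest protocolOp for a StartLBURPRequest and decodes it strictly on the consumer side. The function names and the `supported` parameter are this example's own, and the enclosing LDAPMessage envelope (messageID, controls) is left out.

```python
START_LBURP_REQUEST = "1.3.6.1.1.17.1"   # requestName, section 5.1
INCREMENTAL_UPDATE = "1.3.6.1.1.17.7"    # updateStyleOID, section 5.1.1


def tlv(tag, value):
    """Encode one BER element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def read_tlv(buf, pos, want_tag):
    """Read one element at buf[pos:]; return (value, next_pos) or raise ValueError."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag or truncated element")
    n = buf[pos + 1]
    pos += 2
    if n & 0x80:
        count = n & 0x7F
        # RFC 2251 section 5.1 allows only the definite length form.
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("indefinite or oversized length")
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + n > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos:pos + n], pos + n


def encode_start_lburp(style_oid=INCREMENTAL_UPDATE):
    # StartLBURPRequestValue ::= SEQUENCE { updateStyleOID LDAPOID }
    value = tlv(0x30, tlv(0x04, style_oid.encode("ascii")))
    # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { [0] LDAPOID, [1] OCTET STRING }
    return tlv(0x77, tlv(0x80, START_LBURP_REQUEST.encode("ascii")) + tlv(0x81, value))


def decode_start_lburp(data, supported=(INCREMENTAL_UPDATE,)):
    """Return the updateStyleOID, rejecting anything that is not exactly a StartLBURPRequest."""
    body, end = read_tlv(data, 0, 0x77)
    name, pos = read_tlv(body, 0, 0x80)
    value, pos = read_tlv(body, pos, 0x81)
    seq, seq_end = read_tlv(value, 0, 0x30)
    oid_raw, oid_end = read_tlv(seq, 0, 0x04)
    if (end != len(data) or pos != len(body)
            or seq_end != len(value) or oid_end != len(seq)):
        raise ValueError("trailing bytes after an element")
    if name != START_LBURP_REQUEST.encode("ascii"):
        raise ValueError("requestName is not StartLBURPRequest")
    oid = oid_raw.decode("ascii")
    if oid not in supported:
        raise ValueError("unsupported updateStyleOID")
    return oid


if __name__ == "__main__":
    wire = encode_start_lburp()
    print(wire.hex(), decode_start_lburp(wire))
```
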

5.2. StartLBURPResponse

The responseName of the StartLBURPResponse is the OID 1.3.6.1.1.17.2.

The optional response element contains the BER-encoding of the following ASN.1:

       StartLBURPResponseValue ::= maxOperations
        
       maxOperations ::= INTEGER (0 .. maxInt)
        
       maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
        
5.2.1. maxOperations

When present, the value of maxOperations instructs the supplier to send no more than that number of update operations per LBURPUpdateRequest.updateOperationList (see section 5.3.2). If the consumer does not send a maxOperations value, it MUST be prepared to accept any number of update operations per LBURPUpdateRequest.updateOperationList. The supplier MAY send fewer but MUST NOT send more than maxOperations update operations in a single LBURPUpdateRequest.updateOperationList.

5.3. LBURPUpdateRequest

The LBURPUpdateRequest message is used to send a set of zero or more LDAP update operations from the supplier to the consumer along with sequencing information that enables the consumer to maintain the proper sequencing of multiple asynchronous LBURPUpdateRequest messages.

The requestName of the LBURPUpdateRequest is the OID 1.3.6.1.1.17.5.

The requestValue of an LBURPOperation contains the BER-encoding of the following ASN.1:

       LBURPUpdateRequestValue ::= SEQUENCE {
           sequenceNumber INTEGER (1 .. maxInt),
           updateOperationList UpdateOperationList
       }
        
5.3.1. sequenceNumber

The sequenceNumber orders associated LBURPOperation requests. This enables the consumer to process LBURPOperation requests in the order specified by the supplier. The supplier MUST set the value of sequenceNumber of the first LBURPUpdateRequest to 1, and MUST increment the value of sequenceNumber by 1 for each succeeding LBURPUpdateRequest. In the unlikely event that the number of LBURPUpdateRequest messages exceeds maxInt, a sequenceNumber value of 1 is deemed to be the succeeding sequence number following a sequence number of maxInt.

5.3.2. UpdateOperationList

The UpdateOperationList is a list of one or more standard LDAP update requests and is defined as follows:

       UpdateOperationList ::= SEQUENCE OF SEQUENCE{
           updateOperation CHOICE {
              addRequest       AddRequest,
              modifyRequest    ModifyRequest,
              delRequest       DelRequest,
              modDNRequest     ModifyDNRequest
           },
           controls       [0] Controls OPTIONAL
       }
        
AddRequest, ModifyRequest, DelRequest, and ModifyDNRequest are defined in [RFC2251], sections 4.6, 4.7, 4.8, and 4.9.

The LDAP update requests in the UpdateOperationList MUST be applied to the DIT in the order in which they are listed.

5.4. LBURPUpdateResponse

An LBURPUpdateResponse message is sent from the consumer to the supplier to signal that all of the update operations from the UpdateOperationList of an LBURPUpdateRequest have been completed and to give the results for the update operations from that list.

The responseName of the LBURPUpdateResponse is the OID 1.3.6.1.1.17.6.

If the consumer server cannot successfully decode an LBURPUpdateRequest in its entirety, the resultCode for the corresponding LBURPUpdateResponse is set to protocolError and the response element is omitted. Updates from the LBURPUpdateRequest SHALL NOT be committed to the DIT in this circumstance.

If the status of all of the update operations being reported by an LBURPUpdateResponse message is success, the resultCode of the LBURPUpdateResponse message is set to success and the response element is omitted.

If the status of any of the update operations being reported by an LBURPUpdateResponse message is something other than success, the resultCode for the entire LBURPUpdateResponse is set to other to signal that the response element is present.

5.4.1. OperationResults

When a response element is included in an LBURPUpdateResponse message, it contains the BER-encoding of the following ASN.1:

       OperationResults ::= SEQUENCE OF OperationResult
        
       OperationResult ::= SEQUENCE {
          operationNumber    INTEGER,
          ldapResult         LDAPResult
       }
        
An OperationResult is included for each operation from the UpdateOperationList that failed during processing.

5.4.1.1. operationNumber

The operationNumber identifies the LDAP update operation from the UpdateOperationList of the LBURPUpdateRequest that failed. Operations are numbered beginning at 1.

5.4.1.2. ldapResult

The ldapResult included in the OperationResult is the same ldapResult that would be sent for the update operation that failed if it had failed while being processed as a normal LDAP update operation. LDAPResult is defined in [RFC2251], section 4.1.10.

5.5. EndLBURPRequest

The requestName of the EndLBURPRequest is the OID 1.3.6.1.1.17.3.

The requestValue contains the BER-encoding of the following ASN.1:

        EndLBURPRequestValue::= SEQUENCE {
            sequenceNumber INTEGER (1 .. maxInt)
        }
        
5.5.1. sequenceNumber

The value in sequenceNumber is one greater than the last LBURPUpdateRequest.sequenceNumber in the update stream. It allows the server to know when it has received all outstanding asynchronous LBURPUpdateRequests.

5.6. EndLBURPResponse

The responseName of the EndLBURPResponse is the OID 1.3.6.1.1.17.4.

There is no response element in the EndLBURPResponse message.

6. Semantics of the Incremental Update Style

The initial state of entries in the consumer's DIT plus the LBURPUpdateRequest messages in the update stream collectively represent the desired final state of the consumer's DIT. All LDAP update operations defined in [RFC2251]--Add, Modify, Delete, and Modify DN--are allowed in the incremental update stream. All of the semantics of those operations are in effect, so for instance, an attempt to add an entry that already exists will fail just as it would during a normal LDAP Add operation.

7. General LBURP Semantics

The consumer server may take any action required to efficiently process the updates sent via LBURP, as long as the final state is equivalent to that which would have been achieved if the updates in the update stream had been applied to the DIT using normal LDAP update operations.

The LBURPUpdateRequest messages that form the update stream MAY be sent asynchronously by the supplier to the consumer. This means that the supplier need not wait for an LBURPUpdateResponse message for one LBURPUpdateRequest message before sending the next LBURPUpdateRequest message.

When the LBURP update stream contains a request that affects multiple Directory System Agents (DSAs), the consumer MAY choose to perform the request or return a resultCode value of affectsMultipleDSAs. As with any LDAP operation, a consumer MAY send a resultCode value of referral as part of the OperationResult element for any operation on an entry that it does not contain. If the consumer is configured to do so, it MAY chain on behalf of the supplier to complete the update operation instead.

While a consumer server is processing an LBURP update stream, it may choose not to service LDAP requests on other connections. This provision is designed to allow implementers the freedom to implement highly-efficient methods of handling the update stream without being constrained by the need to maintain a live, working DIT database while doing so.

If a consumer chooses to refuse LDAP operation requests from other suppliers during LBURP update, it is RECOMMENDED that the consumer refer those requests to another server that has the appropriate data to complete the operation.

Unless attribute values specifying timestamps are included as part of the update stream, updates made using LBURP are treated the same as other LDAP operations wherein they are deemed to occur at the present. Consumers MAY store timestamp values sent by suppliers but are not required to do so.

Implementations may choose to perform the operations in the update stream with special permissions to improve performance.

Consumer implementations should include functionality to detect and terminate connections on which an LBURP session has been initiated but information (such as the EndLBURPRequest) needed to complete the LBURP session is never received. A timeout is one mechanism that can be used to accomplish this.

8. Security Considerations

Implementations should ensure that a supplier making an LBURP request is properly authenticated and authorized to make the updates requested. There is a potential for loss of data if updates are made to the DIT without proper authorization. If LBURP is used for replication, implementers should note that unlike other replication protocols, no existing replication agreement between supplier and consumer is required. These risks increase if the consumer server also processes the update stream with special permissions to improve performance. For these reasons, implementers should carefully consider which permissions should be required to perform LBURP operations and take steps to ensure that only connections with appropriate authorization are allowed to perform them.

The data contained in the update stream may contain passwords and other sensitive data. Care should be taken to properly safeguard this information while in transit between supplier and consumer. The StartTLS [RFC2830] operation is one mechanism that can be used to provide data confidentiality and integrity services for this purpose.

As with any asynchronous LDAP operation, it may be possible for an LBURP supplier to send asynchronous LBURPUpdateRequest messages to the consumer faster than the consumer can process them. Consumer implementers should take steps to prevent LBURP suppliers from interfering with the normal operation of a consumer server by issuing a rapid stream of asynchronous LBURPUpdateRequest messages.
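
The following sketch is an added example, not part of RFC 4373 or of any LDAP server's code. It shows one way a consumer could combine this section's authorization, confidentiality, and flow-control advice with the session timeout suggested for consumer implementations above. The class name, verdict strings, thresholds, and the policy of requiring TLS before StartLBURPRequest are assumptions; the OIDs are the ones registered in Section 9.1.

```python
import time

START_OID = "1.3.6.1.1.17.1"   # StartLBURPRequest
END_OID = "1.3.6.1.1.17.3"     # EndLBURPRequest
UPDATE_OID = "1.3.6.1.1.17.5"  # LBURPUpdateRequest

class LburpGuard:
    """Per-connection policy checks run before a consumer handles a request (hypothetical)."""

    def __init__(self, allowed_suppliers, idle_timeout=30.0, max_pending=4,
                 clock=time.monotonic):
        self.allowed = set(allowed_suppliers)  # bind DNs authorized to use LBURP
        self.idle_timeout = idle_timeout       # seconds without traffic before abort
        self.max_pending = max_pending         # unprocessed LBURPUpdateRequests allowed
        self.clock = clock
        self.active = False
        self.last_seen = 0.0
        self.pending = 0

    def on_request(self, bind_dn, tls, oid):
        """Return 'accept', 'defer' (stop reading the socket) or 'reject:<reason>'."""
        now = self.clock()
        if self.active and now - self.last_seen > self.idle_timeout:
            self.active = False                # EndLBURPRequest never arrived in time
            return "reject:session-timeout"
        if oid == START_OID:
            if not tls:                        # update stream may carry passwords
                return "reject:confidentiality-required"
            if bind_dn not in self.allowed:    # no replication agreement to rely on
                return "reject:insufficient-access"
            self.active, self.last_seen, self.pending = True, now, 0
            return "accept"
        if not self.active:
            return "reject:no-session"
        self.last_seen = now
        if oid == UPDATE_OID:
            if self.pending >= self.max_pending:
                return "defer"                 # back-pressure instead of unbounded queueing
            self.pending += 1
        elif oid == END_OID:
            self.active = False
        return "accept"

    def on_update_processed(self):
        self.pending = max(0, self.pending - 1)

    def expired(self):
        """Polled by a reaper task so stalled sessions are closed without new traffic."""
        return self.active and self.clock() - self.last_seen > self.idle_timeout
```

A "defer" verdict is meant to make the server stop reading from that connection until `on_update_processed()` frees a slot, so TCP flow control slows the supplier rather than the consumer buffering requests.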

9. IANA Considerations

Registration of the following values has been made by the IANA [RFC3383].

9.1. LDAP Object Identifier Registrations

The IANA has registered LDAP Object Identifiers identifying the protocol elements defined in this technical specification. The following registration template was provided:

   Subject: Request for LDAP OID Registration
   Person & email address to contact for further information:
       Roger Harrison
       rharrison@novell.com
   Specification: RFC 4373
   Author/Change Controller: IESG
   Comments:
   Seven delegations will be made under the assigned OID. The
   following 6 OIDs are Protocol Mechanism OIDs of type "E"
   (supportedExtension):

   1.3.6.1.1.17.1 StartLBURPRequest LDAP ExtendedRequest message
   1.3.6.1.1.17.2 StartLBURPResponse LDAP ExtendedResponse message
   1.3.6.1.1.17.3 EndLBURPRequest LDAP ExtendedRequest message
   1.3.6.1.1.17.4 EndLBURPResponse LDAP ExtendedResponse message
   1.3.6.1.1.17.5 LBURPUpdateRequest LDAP ExtendedRequest message
   1.3.6.1.1.17.6 LBURPUpdateResponse LDAP ExtendedResponse message

The following 1 OID is a Protocol Mechanism OID of type "F" (supportedFeature):

1.3.6.1.1.17.7 LBURP Incremental Update style OID

10. Normative References

[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2251] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.

[RFC3383] Zeilenga, K., "Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)", BCP 64, RFC 3383, September 2002.

[X.680] ITU-T Recommendation X.680 (07/2002) | ISO/IEC 8824-1:2002, "Information Technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation".

[X.690] ITU-T Rec. X.690 (07/2002) | ISO/IEC 8825-1:2002, "Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", 2002.

11. Informative References

[RFC2830] Hodges, J., Morgan, R., and M. Wahl, "Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security", RFC 2830, May 2000.

Authors' Addresses

   Roger Harrison
   Novell, Inc.
   1800 S. Novell Place
   Provo, UT 84606

   Phone: +1 801 861 2642
   EMail: rharrison@novell.com

   Jim Sermersheim
   Novell, Inc.
   1800 S. Novell Place
   Provo, UT 84606

   Phone: +1 801 861 3088
   EMail: jimse@novell.com

   Yulin Dong

   EMail: yulindong@gmail.com

Full Copyright Statement

Copyright (C) The Internet Society (2006).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
