SUBNF J. Coretta Internet-Draft September 25, 2024 Intended status: Informational Expires: March 24, 2025 The Lightweight Directory Access Protocol (LDAP) Subentry Name Form draft-coretta-ldap-subnf-00.txt Abstract This informational Internet-Draft (I-D) extends a single name form schema definition that facilitates control over the naming policy of [RFC 3672] subentries governed by way of DIT structure rules. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 24, 2025. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Coretta Expires Match 24, 2025 [Page 1] Internet-Draft The LDAP Subentry Name Form September 2024 Table of Contents 1. Introduction ....................................................2 1.1. Conventions ................................................2 1.2. Acronyms Used ..............................................2 1.3. Allocations ................................................2 1.4. About Name Forms and DIT Structure Rules ...................3 2. 'subentryForm' ..................................................3 3. IANA Considerations .............................................4 4. Security Considerations .........................................4 5. References ......................................................4 5.1. Normative References .......................................4 5.2. Informational References ...................................4 Author's Address ...................................................4 1. Introduction Directory implementations which actively enforce any number of DIT structure rules while also managing subentries as described within Section 2.4 of [RFC 3672], perhaps as collections for [RFC 3671] collective types, may trigger naming violations following an attempt to create additional subentries. This I-D seeks to mitigate this difficulty by extending a general-use name form definition which can be employed by way of the schema to extend the naming policy enforced by a DIT structure rule to include subentries. 1.1. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Acronyms Used DIT Directory Information Tree LDAP Lightweight Directory Access Protocol RDN Relative Distinguished Name OID ASN.1 Object Identifier 1.3. Allocations This I-D operates within the following OID structure. - 1.3.6.1.4.1.56521 ; author root - 1.3.6.1.4.1.56521.9 (general-use) - 1.3.6.1.4.1.56521.9.4 (directory-services) - 1.3.6.1.4.1.56521.9.4.8 (schema) - 1.3.6.1.4.1.56521.9.4.8.6 (nameForms) Coretta Expires Match 24, 2025 [Page 2] Internet-Draft The LDAP Subentry Name Form September 2024 Should this I-D be elevated to RFC status, the leaf node assigned to the name form definition in Section 2 shall be made OBSOLETE in favor of an IANA-assigned OID, at which point this I-D will be updated to only reference the literal 'IANA-ASSIGNED-OID' placeholder prefix, where appropriate. 1.4. About Name Forms and DIT Structure Rules A name form schema definition, as described in Section 4.1.7.2 of [RFC 4512], is used to declare a constraint to be applied to the RDN of new or relocated entries within a DIT which bear the STRUCTURAL class noted in the name form's OC clause. A DIT structure rule schema definition, per Section 4.1.7.1 of [RFC 4512], enforces the name form specified within its FORM clause upon qualifying entries within the relevant DIT branch or administrative area. 2. 'subentryForm' The 'subentryForm' name form definition manifests as follows: ( 1.3.6.1.4.1.56521.9.4.8.6.1 NAME 'subentryForm' OC subentry MUST cn ) The name form bears the STRUCTURAL 'subentry' class reference as its OC clause value, meaning that it is meant to refer to entries which bear that class within the context enforced by a referencing DIT structure rule. Furthermore, the 'cn' attribute type defined within Section 2.3 of [RFC 4519] that is REQUIRED under all circumstances by the 'subentry' class is now also REQUIRED for use as the principal RDN type. As a simple example, consider this hypothetical structure rule: ( 242 NAME 'subentryStructure' FORM subentryForm SUP ( 0 1 ) ) This hypothetical rule states that any entries that are presently being governed by superior structure rules zero (0) OR one (1) may allow the creation of subordinate 'subentry' entries. Please note that the nature of DIT structure rules allows for significant variations in composition and design across differing directory tree structures and, thus, the above example rule may not effectively support all use-cases as-is. Coretta Expires Match 24, 2025 [Page 3] Internet-Draft The LDAP Subentry Name Form September 2024 3. IANA Considerations There are no requests to IANA in this document at this time. 4. Security Considerations There are no security considerations applicable to this I-D. 5. References 5.1. Normative References [RFC4512] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, June 2006. [RFC3672] Zeilenga, K., "Subentries in the Lightweight Directory Access Protocol (LDAP)", RFC 3672, December 2003. 5.2. Informational References [RFC3671] Zeilenga, K., "Collective Attributes in the Lightweight Directory Access Protocol (LDAP)", RFC 3671, December 2003. [RFC4519] Sciberras, Ed., A., "Lightweight Directory Access Protocol (LDAP): Schema for User Applications", RFC 4519, June 2006. Author's Address Jesse Coretta California, United States Email: jesse.coretta@icloud.com Coretta Expires Match 24, 2025 [Page 4]