[EMAIL PROTECTED] writes: > The latest draft I can find (14 February 2007) states that > > Clients MUST provide a > criticality value of TRUE to prevent unintended modification of the > directory. > > As a consequence, I think the server could reject instances of this control > with a criticality of FALSE, to prevent its unintended use.
RFC 2251 allowed that (or could be read as alllowing it), but RFC 4511 deliberately does not, after long discussions on ldapbis. -- Hallvard
