[EMAIL PROTECTED] wrote: > > The "dontUseCopy" control requires criticality to be TRUE. While this is the > desirable value,
Why is this a desirable value? The answer Kurt gave on ldap-ext mailing list just mentioned direct mapping to X.511 dontUseCopy option. > a DUA could use the control with the criticality set to FALSE. As I stated on ldap-ext mailing list in this case I'd simply accept a best effort on the DSA side. So sending "dontUseCopy" control with criticality FALSE would mean: If the DSA supports this control it should *process* it according to what's specified in draft-zeilenga-ldap-dontusecopy. Otherwise ignore it. The main problem is that a DUA cannot determine in advance whether a DSA supports a certain control for a certain backend. It turned out in practice that looking a supportedControl in rootDSE does not have any meaning at all. IMO yet another control does not solve this. > For full conformance with RFC4511, if the control is syntactically well-formed > and criticality is set to FALSE, slapd MUST accept it if recognized, or MUST > ignore it if not recognized, but CANNOT question the fact that the value of > criticality is violating the control's specification. I'm not sure whether this statement can be made generally. I'd wish so and I'd rephrase "accept it" to "process it". Ciao, Michael.
