draft-ietf-ldapbis-filter-04.txt   draft-ietf-ldapbis-filter-05.txt 
Network Working Group M. Smith, Editor Network Working Group M. Smith, Editor
Request for Comments: DRAFT Netscape Communications Corp. Request for Comments: DRAFT Netscape Communications Corp.
Obsoletes: RFC 2254 T. Howes Obsoletes: RFC 2254 T. Howes
Expires: 28 August 2003 Opsware, Inc. Expires: 25 April 2004 Opsware, Inc.
28 February 2003 25 October 2003
LDAP: String Representation of Search Filters LDAP: String Representation of Search Filters
<draft-ietf-ldapbis-filter-04.txt> <draft-ietf-ldapbis-filter-05.txt>
1. Status of this Memo 1. Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 2, line 17 skipping to change at page 2, line 17
1. Status of this Memo............................................1 1. Status of this Memo............................................1
2. Abstract.......................................................1 2. Abstract.......................................................1
3. Table of Contents..............................................2 3. Table of Contents..............................................2
4. Introduction...................................................2 4. Introduction...................................................2
5. LDAP Search Filter Definition..................................2 5. LDAP Search Filter Definition..................................2
6. String Search Filter Definition................................4 6. String Search Filter Definition................................4
7. Examples.......................................................5 7. Examples.......................................................5
8. Security Considerations........................................7 8. Security Considerations........................................7
9. Normative References...........................................7 9. Normative References...........................................7
10. Informative References.........................................8 10. Informative References.........................................8
11. Acknowledgments................................................8 11. Intellectual Property Rights...................................8
12. Authors' Address...............................................8 12. Acknowledgments................................................8
13. Full Copyright Statement.......................................9 13. Authors' Address...............................................8
14. Appendix A: Changes Since RFC 2254.............................9 14. Full Copyright Statement.......................................9
14.1. Technical Changes...........................................9 15. Appendix A: Changes Since RFC 2254.............................9
14.2. Editorial Changes...........................................10 15.1. Technical Changes...........................................10
15. Appendix B: Changes Since Previous Document Revision...........11 15.2. Editorial Changes...........................................10
15.1. Technical Changes...........................................11 16. Appendix B: Changes Since Previous Document Revision...........11
15.2. Editorial Changes...........................................11 16.1. Technical Changes...........................................12
16.2. Editorial Changes...........................................12
4. Introduction 4. Introduction
The Lightweight Directory Access Protocol (LDAP) [Protocol] defines a The Lightweight Directory Access Protocol (LDAP) [Protocol] defines a
network representation of a search filter transmitted to an LDAP network representation of a search filter transmitted to an LDAP
server. Some applications may find it useful to have a common way of server. Some applications may find it useful to have a common way of
representing these search filters in a human-readable form; LDAP URLs representing these search filters in a human-readable form; LDAP URLs
are an example of one such application. This document defines a are an example of one such application. This document defines a
human-readable string format for representing the full range of human-readable string format for representing the full range of
possible LDAP version 3 search filters, including extended match possible LDAP version 3 search filters, including extended match
skipping to change at page 3, line 49 skipping to change at page 3, line 49
AttributeValue ::= OCTET STRING AttributeValue ::= OCTET STRING
MatchingRuleId ::= LDAPString MatchingRuleId ::= LDAPString
AssertionValue ::= OCTET STRING AssertionValue ::= OCTET STRING
LDAPString ::= OCTET STRING -- UTF-8 encoded, LDAPString ::= OCTET STRING -- UTF-8 encoded,
-- ISO 10646 characters -- ISO 10646 characters
where the LDAPString above is limited to the UTF-8 encoding [RFC2279] where the LDAPString above is limited to the UTF-8 encoding [UTF-8]
of the ISO 10646 character set [ISO10646]. The AttributeDescription of the ISO 10646 character set [ISO10646]. The AttributeDescription
is a string representation of the attribute description and is is a string representation of the attribute description and is
defined in [Protocol]. The AttributeValue and AssertionValue OCTET defined in [Protocol]. The AttributeValue and AssertionValue OCTET
STRING have the form defined in [Syntaxes]. The Filter is encoded STRING have the form defined in [Syntaxes]. The Filter is encoded
for transmission over a network using the Basic Encoding Rules for transmission over a network using the Basic Encoding Rules
defined in [ASN.1], with simplifications described in [Protocol]. defined in [ASN.1], with simplifications described in [Protocol].
6. String Search Filter Definition 6. String Search Filter Definition
The string representation of an LDAP search filter is a string of The string representation of an LDAP search filter is a string of
skipping to change at page 4, line 33 skipping to change at page 4, line 33
item = simple / present / substring / extensible item = simple / present / substring / extensible
simple = attr filtertype assertionvalue simple = attr filtertype assertionvalue
filtertype = equal / approx / greater / less filtertype = equal / approx / greater / less
equal = EQUALS equal = EQUALS
approx = TILDE EQUALS approx = TILDE EQUALS
greater = RANGLE EQUALS greater = RANGLE EQUALS
less = LANGLE EQUALS less = LANGLE EQUALS
extensible = attr [dnattrs] [matchingrule] COLON EQUALS assertionvalue extensible = attr [dnattrs] [matchingrule] COLON EQUALS assertionvalue
/ [dnattrs] matchingrule COLON EQUALS assertionvalue / [dnattrs] matchingrule COLON EQUALS assertionvalue
/ COLON EQUALS assertionvalue / COLON EQUALS assertionvalue
present = attr EQUALS ASTERIX present = attr EQUALS ASTERISK
substring = attr EQUALS [initial] any [final] substring = attr EQUALS [initial] any [final]
initial = assertionvalue initial = assertionvalue
any = ASTERIX *(assertionvalue ASTERIX) any = ASTERISK *(assertionvalue ASTERISK)
final = assertionvalue final = assertionvalue
attr = attributedescription attr = attributedescription
; The attributedescription rule is defined in ; The attributedescription rule is defined in
; Section 2.5 of [Models]. ; Section 2.5 of [Models].
dnattrs = COLON "dn" dnattrs = COLON "dn"
matchingrule = COLON oid matchingrule = COLON oid
assertionvalue = valueencoding assertionvalue = valueencoding
; The <valueencoding> rule is used to encode an ; The <valueencoding> rule is used to encode an
; <AssertionValue> from Section 4.1.6 of [Protocol]. ; <AssertionValue> from Section 4.1.6 of [Protocol].
valueencoding = 0*(normal / escaped) valueencoding = 0*(normal / escaped)
normal = UTF1SUBSET / UTFMB normal = UTF1SUBSET / UTFMB
escaped = ESC HEX HEX escaped = ESC HEX HEX
UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F
; UTF1SUBSET excludes 0x00 (NUL), LPAREN, ; UTF1SUBSET excludes 0x00 (NUL), LPAREN,
; RPAREN, ASTERIX, and ESC. ; RPAREN, ASTERISK, and ESC.
EXCLAMATION = %x21 ; exclamation mark ("!") EXCLAMATION = %x21 ; exclamation mark ("!")
AMPERSAND = %x26 ; ampersand (or AND symbol) ("&") AMPERSAND = %x26 ; ampersand (or AND symbol) ("&")
ASTERIX = %x2A ; asterix ("*") ASTERISK = %x2A ; asterisk ("*")
COLON = %x3A ; colon (":") COLON = %x3A ; colon (":")
VERTBAR = %x7C ; vertical bar (or pipe) ("|") VERTBAR = %x7C ; vertical bar (or pipe) ("|")
TILDE = %x7E ; tilde ("~") TILDE = %x7E ; tilde ("~")
Note that although both the <substring> and <present> productions in Note that although both the <substring> and <present> productions in
the grammar above can produce the "attr=*" construct, this construct the grammar above can produce the "attr=*" construct, this construct
is used only to denote a presence filter. is used only to denote a presence filter.
The <valueencoding> rule ensures that the entire filter string is a The <valueencoding> rule ensures that the entire filter string is a
valid UTF-8 string and provides that the octets that represent the valid UTF-8 string and provides that the octets that represent the
skipping to change at page 5, line 40 skipping to change at page 5, line 40
the character to be escaped is replaced by a backslash and two hex the character to be escaped is replaced by a backslash and two hex
digits, which form a single octet in the code of the character. digits, which form a single octet in the code of the character.
For example, the filter checking whether the "cn" attribute contained For example, the filter checking whether the "cn" attribute contained
a value with the character "*" anywhere in it would be represented as a value with the character "*" anywhere in it would be represented as
"(cn=*\2a*)". "(cn=*\2a*)".
As indicated by the valueencoding rule, implementations MUST escape As indicated by the valueencoding rule, implementations MUST escape
all octets greater than 0x7F that are not part of a valid UTF-8 all octets greater than 0x7F that are not part of a valid UTF-8
encoding sequence when they generate a string representation of a encoding sequence when they generate a string representation of a
search filter. Since RFC 2254 does not clearly define the term search filter. Implementations SHOULD accept as input a string that
"string representation" (and in particular does mention that the includes invalid UTF-8 octet sequences. This is necessary because RFC
string representation of an LDAP search filter is a string of UTF-8 2254 did not clearly define the term "string representation" (and in
encoded ISO 10646-1 characters) implementations SHOULD accept as particular did not mention that the string representation of an LDAP
input strings that include invalid UTF-8 octet sequences. search filter is a string of UTF-8 encoded ISO 10646-1 characters).
7. Examples 7. Examples
This section gives a few examples of search filters written using This section gives a few examples of search filters written using
this notation. this notation.
(cn=Babs Jensen) (cn=Babs Jensen)
(!(cn=Tim Howes)) (!(cn=Tim Howes))
(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*))) (&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))
(o=univ*of*mich*) (o=univ*of*mich*)
(seeAlso=) (seeAlso=)
The following examples illustrate the use of extensible matching. The following examples illustrate the use of extensible matching.
(cn:1.2.3.4.5:=Fred Flintstone) (cn:1.2.3.4.5:=Fred Flintstone)
(cn:=Betty Rubble) (cn:=Betty Rubble)
(sn:dn:2.4.6.8.10:=Barney Rubble) (sn:dn:2.4.6.8.10:=Barney Rubble)
(o:dn:=Ace Industry) (o:dn:=Ace Industry)
(:1.2.3:=Wilma Flintstone) (:1.2.3:=Wilma Flintstone)
(:dn:2.4.6.8.10:=Dino) (:dn:2.4.6.8.10:=Dino)
(:=Fred Flintstone)
The first example shows use of the matching rule "1.2.3.4.5". The first example shows use of the matching rule "1.2.3.4.5".
The second example demonstrates use of a MatchingRuleAssertion form The second example demonstrates use of a MatchingRuleAssertion form
without a matchingRule. without a matchingRule.
The third example illustrates the use of the ":dn" notation to The third example illustrates the use of the ":dn" notation to
indicate that matching rule "2.4.6.8.10" should be used when making indicate that matching rule "2.4.6.8.10" should be used when making
comparisons, and that the attributes of an entry's distinguished name comparisons, and that the attributes of an entry's distinguished name
should be considered part of the entry when evaluating the match. should be considered part of the entry when evaluating the match.
The fourth example denotes an equality match, except that DN The fourth example denotes an equality match, except that DN
components should be considered part of the entry when doing the components should be considered part of the entry when doing the
match. match.
The fifth example is a filter that should be applied to any attribute The fifth example is a filter that should be applied to any attribute
supporting the matching rule given (since the attr has been omitted). supporting the matching rule given (since the attr has been omitted).
The sixth example is also a filter that should be applied to any The sixth and final example is also a filter that should be applied
attribute supporting the matching rule given. Attributes supporting to any attribute supporting the matching rule given. Attributes
the matching rule contained in the DN should also be considered. supporting the matching rule contained in the DN should also be
considered.
The seventh and final example is a filter that should be applied to
any attribute (since both the attr and matching rule have been
omitted).
The following examples illustrate the use of the escaping mechanism. The following examples illustrate the use of the escaping mechanism.
(o=Parens R Us \28for all your parenthetical needs\29) (o=Parens R Us \28for all your parenthetical needs\29)
(cn=*\2A*) (cn=*\2A*)
(filename=C:\5cMyFile) (filename=C:\5cMyFile)
(bin=\00\00\00\04) (bin=\00\00\00\04)
(sn=Lu\c4\8di\c4\87) (sn=Lu\c4\8di\c4\87)
(1.3.6.1.4.1.1466.0=\04\02\48\69) (1.3.6.1.4.1.1466.0=\04\02\48\69)
The first example shows the use of the escaping mechanism to The first example shows the use of the escaping mechanism to
represent parenthesis characters. The second shows how to represent a represent parenthesis characters. The second shows how to represent a
"*" in an assertion value, preventing it from being interpreted as a "*" in an assertion value, preventing it from being interpreted as a
substring indicator. The third illustrates the escaping of the substring indicator. The third illustrates the escaping of the
backslash character. backslash character.
The fourth example shows a filter searching for the four-byte value The fourth example shows a filter searching for the four-byte value
0x00000004, illustrating the use of the escaping mechanism to 0x00000004, illustrating the use of the escaping mechanism to
represent arbitrary data, including NUL characters. represent arbitrary data, including NUL characters.
skipping to change at page 8, line 8 skipping to change at page 8, line 5
[Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft- [Protocol] Sermersheim, J. (editor), "LDAP: The Protocol", draft-
ietf-ldapbis-protocol-xx.txt, a work in progress. ietf-ldapbis-protocol-xx.txt, a work in progress.
[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14 (also RFC 2119), March 1997. Requirement Levels", BCP 14 (also RFC 2119), March 1997.
[RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax [RFC2234] Crocker, D., Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 2279, January 1998.
[Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road [Roadmap] Zeilenga, K. (editor), "LDAP: Technical Specification Road
Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress. Map", draft-ietf-ldapbis-roadmap-xx.txt, a work in progress.
[Syntaxes] Dally, K. (editor), "LDAP: Syntaxes", draft-ietf-ldapbis- [Syntaxes] Dally, K. (editor), "LDAP: Syntaxes", draft-ietf-ldapbis-
syntaxes-xx.txt, a work in progress. syntaxes-xx.txt, a work in progress.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
draft-yergeau-rfc2279bis-xx.txt, a work in progress.
10. Informative References 10. Informative References
None. None.
11. Acknowledgments 11. Intellectual Property Rights
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
12. Acknowledgments
This document replaces RFC 2254 by Tim Howes. Changes included in This document replaces RFC 2254 by Tim Howes. Changes included in
this revised specification are based upon discussions among the this revised specification are based upon discussions among the
authors, discussions within the LDAP (v3) Revision Working Group authors, discussions within the LDAP (v3) Revision Working Group
(ldapbis), and discussions within other IETF Working Groups. The (ldapbis), and discussions within other IETF Working Groups. The
contributions of individuals in these working groups is gratefully contributions of individuals in these working groups is gratefully
acknowledged. acknowledged.
12. Authors' Address 13. Authors' Address
Mark Smith, Editor Mark Smith, Editor
Netscape Communications Corp. Netscape Communications Corp.
360 W. Caribbean Drive 360 W. Caribbean Drive
Sunnyvale, CA 94089 Sunnyvale, CA 94089
USA USA
+1 650 937-3477 +1 650 937-3477
mcs@netscape.com MarkCSmithWork@aol.com
Tim Howes Tim Howes
Opsware, Inc. Opsware, Inc.
599 N. Mathilda Ave. 599 N. Mathilda Ave.
Sunnyvale, CA 94085 Sunnyvale, CA 94085
USA USA
+1 408 744-7509 +1 408 744-7509
howes@opsware.com howes@opsware.com
13. Full Copyright Statement 14. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
skipping to change at page 9, line 33 skipping to change at page 9, line 47
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
14. Appendix A: Changes Since RFC 2254 15. Appendix A: Changes Since RFC 2254
14.1. Technical Changes 15.1. Technical Changes
The following technical changes were made to the contents of the The following technical changes were made to the contents of the
"String Search Filter Definition" section: "String Search Filter Definition" section:
Added statement that the string representation is a string of UTF-8 Added statement that the string representation is a string of UTF-8
encoded ISO 10646-1 characters. encoded ISO 10646-1 characters.
Revised all of the ABNF to use common productions from [Models]. Revised all of the ABNF to use common productions from [Models].
Replaced the "value" rule with a new "assertionvalue" rule within the Replaced the "value" rule with a new "assertionvalue" rule within the
skipping to change at page 10, line 15 skipping to change at page 10, line 33
Introduced the "valueencoding" and associated "normal" and "escaped" Introduced the "valueencoding" and associated "normal" and "escaped"
rules to reduce the dependence on descriptive text. The "normal" rules to reduce the dependence on descriptive text. The "normal"
production restricts filter strings to valid UTF-8 sequences. production restricts filter strings to valid UTF-8 sequences.
Added a third option to the "extensible" production to allow creation Added a third option to the "extensible" production to allow creation
of a MatchingRuleAssertion that only has a matchValue. of a MatchingRuleAssertion that only has a matchValue.
Added a statement about expected behavior in light of RFC 2254's lack Added a statement about expected behavior in light of RFC 2254's lack
of a clear definition of "string representation." of a clear definition of "string representation."
14.2. Editorial Changes 15.2. Editorial Changes
Changed document title to include "LDAP:" prefix. Changed document title to include "LDAP:" prefix.
IESG Note: removed note about lack of satisfactory mandatory IESG Note: removed note about lack of satisfactory mandatory
authentication mechanisms. authentication mechanisms.
Header and "Authors' Addresses" sections: added Mark Smith as the Header and "Authors' Addresses" sections: added Mark Smith as the
document editor and updated affiliation and contact information. document editor and updated affiliation and contact information.
"Table of Contents" section: added. "Table of Contents" and "Intellectual Property Rights" sections:
added.
Copyright: updated the year. Copyright: updated per latest IETF guidelines.
"Abstract" section: separated from introductory material. "Abstract" section: separated from introductory material.
"Introduction" section: new section; separated from the Abstract. "Introduction" section: new section; separated from the Abstract.
Updated second paragraph to indicate that RFC 2254 is replaced by Updated second paragraph to indicate that RFC 2254 is replaced by
this document (instead of RFC 1960). Added reference to the [Roadmap] this document (instead of RFC 1960). Added reference to the [Roadmap]
document. document.
"LDAP Search Filter Definition" section: made corrections to the "LDAP Search Filter Definition" section: made corrections to the
LDAPv3 search filter ABNF so it matches that used in [Protocol]. LDAPv3 search filter ABNF so it matches that used in [Protocol].
Clarified the definition of 'value' (now 'assertionvalue') to take Clarified the definition of 'value' (now 'assertionvalue') to take
into account the fact that it is not precisely an AttributeAssertion into account the fact that it is not precisely an AttributeAssertion
from [Protocol] section 4.1.6 (special handling is required for some from [Protocol] section 4.1.6 (special handling is required for some
characters). Added a note that each octet of a character to be characters). Added a note that each octet of a character to be
escaped is replaced by a backslash and two hex digits, which escaped is replaced by a backslash and two hex digits, which
represent a single octet. represent a single octet.
"Examples" section: added five additional examples: (seeAlso=), "Examples" section: added four additional examples: (seeAlso=),
(cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), (:=Fred Flintstone), (cn:=Betty Rubble), (:1.2.3:=Wilma Flintstone), and
and (1.3.6.1.4.1.1466.0=\04\02\48\69). Replaced one occurrence of "a (1.3.6.1.4.1.1466.0=\04\02\48\69). Replaced one occurrence of "a
value" with "an assertion value". value" with "an assertion value".
"Security Considerations" section: added references to [Protocol] and "Security Considerations" section: added references to [Protocol] and
[AuthMeth]. [AuthMeth].
"Normative References" section: renamed from "References" per new RFC "Normative References" section: renamed from "References" per new RFC
guidelines. Changed from [1] style to [Protocol] style throughout the guidelines. Changed from [1] style to [Protocol] style throughout the
document. Added entries for [ISO10646], [RFC2119], [AuthMeth], document. Added entries for [ISO10646], [RFC2119], [AuthMeth],
[Models], and [Roadmap] and updated UTF-8 reference to RFC 2279. [Models], and [Roadmap] and updated the UTF-8 reference. Replaced
Replaced RFC 822 reference with a reference to RFC 2234. RFC 822 reference with a reference to RFC 2234.
"Informative References" section: added for clarity. "Informative References" section: added for clarity.
"Acknowledgments" section: added. "Acknowledgments" section: added.
"Appendix A: Changes Since RFC 2254" section: added. "Appendix A: Changes Since RFC 2254" section: added.
"Appendix B: Changes Since Previous Document Revision" section: "Appendix B: Changes Since Previous Document Revision" section:
added. added.
15. Appendix B: Changes Since Previous Document Revision 16. Appendix B: Changes Since Previous Document Revision
This appendix lists all changes relative to the last published This appendix lists all changes relative to the previously published
revision, draft-ietf-ldapbis-filter-03.txt. Note that when revision, draft-ietf-ldapbis-filter-04.txt. Note that when
appropriate these changes are also included in Appendix A, but are appropriate these changes are also included in Appendix A, but are
also included here for the benefit of the people who have already also included here for the benefit of the people who have already
reviewed draft-ietf-ldapbis-filter-03.txt. This section will be reviewed draft-ietf-ldapbis-filter-04.txt. This section will be
removed before this document is published as an RFC. removed before this document is published as an RFC.
15.1. Technical Changes 16.1. Technical Changes
"String Search Filter Definition" section: Added statement that the
string representation is a string of UTF-8 encoded ISO 10646-1
characters and statement about expected behavior in light of RFC
2254's lack of a clear definition of "string representation."
"String Search Filter Definition" section: Revised all of the ABNF to "Examples" section: Removed the (:=Fred Flintstone) example which is
use common productions from [Models]. Revised the "normal" not allowed by the protocol.
production to restrict filter strings to valid UTF-8 sequences.
15.2. Editorial Changes 16.2. Editorial Changes
"Status of this Memo" section: updated boilerplate to match current "String Search Filter Definition" section: Revised the last two
I-D guidelines. sentences in this section to improve clarity (the updated text now
begins with the text "Implementations SHOULD accept as input a string
that includes...."
"Examples" section: removed ;binary from an example. Replaced all occurrences of "asterix" with the correctly spelled
"asterisk."
"LDAP Search Filter Definition " section: updated section references "Normative References" section: changed UTF-8 reference to point to
to match current LDAPBis drafts. Made minor changes to the ASN.1 so the UTF-8 Internet Draft.
it exactly matches that used in the Protocol document (added
comments).
"Normative References" section: added references to [ISO10646], "Intellectual Property Rights" section: added.
[RFC2119] and [Models].
"Informative References" section: added for clarity. Author's Addresses section: New email address for Mark Smith.
Updated copyright year to 2003. "Full Copyright Statement" section: updated text to match latest IETF
guidelines.
This Internet Draft expires on 28 August 2003. This Internet Draft expires on 25 April 2004.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/