draft-ietf-ldapbis-iana-08.txt   draft-ietf-ldapbis-iana-09.txt 
INTERNET-DRAFT Kurt D. Zeilenga INTERNET-DRAFT Kurt D. Zeilenga
Intended Category: BCP OpenLDAP Foundation Intended Category: BCP OpenLDAP Foundation
Expires in six months 29 July 2002 Expires in six months 1 August 2002
IANA Considerations for LDAP IANA Considerations for LDAP
<draft-ietf-ldapbis-iana-08.txt> <draft-ietf-ldapbis-iana-09.txt>
Status of Memo Status of Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
This document is intended to be, after appropriate review and This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Best Current Practice revision, submitted to the RFC Editor as a Best Current Practice
document. Distribution of this memo is unlimited. Technical document. Distribution of this memo is unlimited. Technical
discussion of this document will take place on the IETF LDAP Revision discussion of this document will take place on the IETF LDAP Revision
skipping to change at page 2, line 15 skipping to change at page 2, line 15
1. Introduction 1. Introduction
The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an The Lightweight Directory Access Protocol [LDAPTS] (LDAP) is an
extensible protocol. LDAP supports: extensible protocol. LDAP supports:
- addition of new operations, - addition of new operations,
- extension of existing operations, and - extension of existing operations, and
- extensible schema. - extensible schema.
This document details procedures for registering values of used to This document details procedures for registering values of used to
unambiguously identify extensible elements of the protocol including: unambiguously identify extensible elements of the protocol including:
- LDAP message types, - LDAP message types;
- LDAP result codes, - LDAP extended operations and controls;
- LDAP authentication methods, - LDAP result codes;
- LDAP attribute description options, and - LDAP authentication methods;
- LDAP attribute description options; and
- Object Identifier descriptors. - Object Identifier descriptors.
These registries are maintained by the Internet Assigned Numbers These registries are maintained by the Internet Assigned Numbers
Authority (IANA). Authority (IANA).
In addition, this document provides guidelines to IANA describing the In addition, this document provides guidelines to IANA describing the
conditions under which new values can be assigned. conditions under which new values can be assigned.
2. Terminology and Conventions 2. Terminology and Conventions
skipping to change at page 3, line 32 skipping to change at page 3, line 33
A keyword is a case-insensitive string of UTF-8 [RFC2279] encoded A keyword is a case-insensitive string of UTF-8 [RFC2279] encoded
characters from the Universal Character Set (UCS) [ISO10646] characters from the Universal Character Set (UCS) [ISO10646]
restricted to the <keystring> production. restricted to the <keystring> production.
3. IANA Considerations for LDAP 3. IANA Considerations for LDAP
This section details each kind of protocol value which can be This section details each kind of protocol value which can be
registered and provides IANA guidelines on how to assign new values. registered and provides IANA guidelines on how to assign new values.
IANA may reject obviously bogus registrations described.
3.1. Object Identifiers 3.1. Object Identifiers
Numerous LDAP schema and protocol elements are identified by Object Numerous LDAP schema and protocol elements are identified by Object
Identifiers. Specifications which assign OIDs to elements SHOULD Identifiers. Specifications which assign OIDs to elements SHOULD
state who delegated the OIDs for its use. state who delegated the OIDs for its use.
For IETF developed elements, specifications SHOULD use OIDs under For IETF developed elements, specifications SHOULD use OIDs under
"Internet Directory Numbers" (1.3.6.1.1.x). Numbers under this OID "Internet Directory Numbers" (1.3.6.1.1.x). Numbers under this OID
arc will be assigned upon Expert Review with Specification Required. arc will be assigned upon Expert Review with Specification Required.
Only one OID per specification will be assigned. The specification Only one OID per specification will be assigned. The specification
skipping to change at page 4, line 15 skipping to change at page 4, line 19
(e.g., the RFC), experimental OIDs SHOULD be used in ''works in (e.g., the RFC), experimental OIDs SHOULD be used in ''works in
progress'' and early implementations. OIDs under the Internet progress'' and early implementations. OIDs under the Internet
Experimental OID arc (1.3.6.1.3.x) may be used for this purpose. Experimental OID arc (1.3.6.1.3.x) may be used for this purpose.
Experimental OIDs are not to used in published specifications (e.g. Experimental OIDs are not to used in published specifications (e.g.
RFCs). RFCs).
Practices for IANA assignment of Internet Enterprise and Experimental Practices for IANA assignment of Internet Enterprise and Experimental
OIDs are detailed in STD 16 [RFC1155]. OIDs are detailed in STD 16 [RFC1155].
3.2. Object Identifier Descriptors 3.2 Protocol Mechanisms
LDAP provides a number of Root DSE attributes for discovery of
protocol mechanisms identified by OIDs, including:
- supportedControl [RFC2252] and
- supportedExtension [RFC2252].
A registry of OIDs used for discover of protocol mechanisms is
provided to allow implementors and others to locate the technical
specification for these protocol mechanisms. Future specifications of
additional Root DSE attributes holding values identifying protocol
mechanisms MAY extend this registry for their values.
OIDs associated with discoverable protocol mechanisms SHOULD be
registered. These are be considered on a First Come First Served with
Specification Required basis.
OIDs associated with Standard Track mechanisms MUST be registered and
require Standards Action.
3.3. Object Identifier Descriptors
LDAP allows short descriptive names (or descriptors) to be used LDAP allows short descriptive names (or descriptors) to be used
instead of a numeric Object Identifier to identify protocol extensions instead of a numeric Object Identifier to identify protocol extensions
[RFC2251], schema elements [RFC2252], LDAP URL [RFC2255] extensions, [RFC2251], schema elements [RFC2252], LDAP URL [RFC2255] extensions,
and other objects. Descriptors are restricted to strings of UTF-8 and other objects. Descriptors are restricted to strings of UTF-8
encoded UCS characters restricted by the following ABNF: encoded UCS characters restricted by the following ABNF:
name = keystring name = keystring
Descriptors are case-insensitive. Descriptors are case-insensitive.
Multiple names may be assigned to a given OID. For purposes of Multiple names may be assigned to a given OID. For purposes of
registration, an OID is to be represented in numeric OID form registration, an OID is to be represented in numeric OID form
conforming to the ABNF: conforming to the ABNF:
numericoid = number *( DOT number ) ; e.g. 1.1.0.23.40 numericoid = number *( DOT number ) ; e.g. 1.1.0.23.40
While the protocol places no maximum length restriction upon While the protocol places no maximum length restriction upon
descriptors, they should be short. Descriptors longer than 48 descriptors, they should be short. Descriptors longer than 48
characters may be viewed as too long to register. IANA may reject characters may be viewed as too long to register.
obviously bogus registrations.
A values ending with a hyphen ("-") reserve all descriptors which A values ending with a hyphen ("-") reserve all descriptors which
start with the value. For example, the registration of the option start with the value. For example, the registration of the option
"descrFamily-" reserves all options which start with "descrFamily-" "descrFamily-" reserves all options which start with "descrFamily-"
for some related purpose. for some related purpose.
Descriptors beginning with "x-" are for Private Use and cannot be Descriptors beginning with "x-" are for Private Use and cannot be
registered. registered.
Descriptors beginning with "e-" are reserved for experiments and will Descriptors beginning with "e-" are reserved for experiments and will
be registered on a First Come First Served basis. be registered on a First Come First Served basis.
All other descriptors require Expert Review to be registered. All other descriptors require Expert Review to be registered.
The registrant need not "own" the OID being named. The registrant need not "own" the OID being named.
The OID namespace is managed by The ISO/IEC Joint Technical Committee The OID namespace is managed by The ISO/IEC Joint Technical Committee
1 - Subcommittee 6. 1 - Subcommittee 6.
3.3. AttributeDescription Options 3.4. AttributeDescription Options
An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or An AttributeDescription [RFC2251, Section 4.1.5] can contain zero or
more options specifying additional semantics. An option SHALL be more options specifying additional semantics. An option SHALL be
restricted to a string UTF-8 encoded UCS characters limited by the restricted to a string UTF-8 encoded UCS characters limited by the
following ABNF: following ABNF:
option = keystring option = keystring
Options are case-insensitive. Options are case-insensitive.
While the protocol places no maximum length restriction upon option While the protocol places no maximum length restriction upon option
strings, they should be short. Options longer than 24 characters may strings, they should be short. Options longer than 24 characters may
be viewed as too long to register. IANA may reject obviously bogus be viewed as too long to register.
registrations.
Values ending with a hyphen ("-") reserve all option names which start Values ending with a hyphen ("-") reserve all option names which start
with the name. For example, the registration of the option with the name. For example, the registration of the option
"optionFamily-" reserves all options which start with "optionFamily-" "optionFamily-" reserves all options which start with "optionFamily-"
for some related purpose. for some related purpose.
Options beginning with "x-" are for Private Use and cannot be Options beginning with "x-" are for Private Use and cannot be
registered. registered.
Options beginning with "e-" are reserved for experiments and will be Options beginning with "e-" are reserved for experiments and will be
registered on a First Come First Served basis. registered on a First Come First Served basis.
All other options require Standards Action or Expert Review with All other options require Standards Action or Expert Review with
Specification Required to be registered. Specification Required to be registered.
3.4. LDAP Message Types 3.5. LDAP Message Types
Each protocol message is encapsulated in an LDAPMessage envelope Each protocol message is encapsulated in an LDAPMessage envelope
[RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of [RFC2251, Section 4.1.1]. The protocolOp CHOICE indicates the type of
message encapsulated. Each message type consists of a keyword and a message encapsulated. Each message type consists of a keyword and a
non-negative choice number is combined with the class (APPLICATION) non-negative choice number is combined with the class (APPLICATION)
and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in and data type (CONSTRUCTED or PRIMITIVE) to construct the BER tag in
the message's encoding. The choice numbers for existing protocol the message's encoding. The choice numbers for existing protocol
messages are implicit in the protocol's ASN.1 defined in [RFC2251]. messages are implicit in the protocol's ASN.1 defined in [RFC2251].
New values will be registered upon Standards Action. New values will be registered upon Standards Action.
Note: LDAP provides extensible messages which reduces, but does not Note: LDAP provides extensible messages which reduces, but does not
eliminate, the need to add new message types. eliminate, the need to add new message types.
3.5. LDAP Result Codes 3.6. LDAP Result Codes
LDAP result messages carry an resultCode enumerated value to indicate LDAP result messages carry an resultCode enumerated value to indicate
the outcome of the operation [RFC2251, Section 4.1.10]. Each result the outcome of the operation [RFC2251, Section 4.1.10]. Each result
code consists of a keyword and a non-negative integer. code consists of a keyword and a non-negative integer.
New resultCodes integers in the range 0-1023 require Standards Action New resultCodes integers in the range 0-1023 require Standards Action
to be registered. New resultCode integers in the range 1024-4095 to be registered. New resultCode integers in the range 1024-4095
require Expert Review with Specification Required. New resultCode require Expert Review with Specification Required. New resultCode
integers in the range 4096-16383 will be registered on a First Come integers in the range 4096-16383 will be registered on a First Come
First Served basis. Keywords associated with integers in the range First Served basis. Keywords associated with integers in the range
0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with 0-4095 SHALL NOT start with "e-" or "x-". Keywords associated with
integers in the range 4096-16383 SHALL start with "e-". Values integers in the range 4096-16383 SHALL start with "e-". Values
greater than or equal to 16384 and keywords starting with "x-" are for greater than or equal to 16384 and keywords starting with "x-" are for
Private Use and cannot be registered. Private Use and cannot be registered.
IANA may reject obviously bogus registrations. 3.7. LDAP Authentication Method
3.6. LDAP Authentication Method
The LDAP Bind operation supports multiple authentication methods The LDAP Bind operation supports multiple authentication methods
[RFC2251, Section 4.2]. Each authentication choice consists of a [RFC2251, Section 4.2]. Each authentication choice consists of a
keyword and a non-negative integer. keyword and a non-negative integer.
The registrant SHALL classify the authentication method usage using The registrant SHALL classify the authentication method usage using
one of the following terms: one of the following terms:
COMMON - method is appropriate for common use on the Internet, COMMON - method is appropriate for common use on the Internet,
LIMITED USE - method is appropriate for limited use, LIMITED USE - method is appropriate for limited use,
OBSOLETE - method has been deprecated or otherwise found to be OBSOLETE - method has been deprecated or otherwise found to be
inappropriate for any use. inappropriate for any use.
Methods without publicly available specifications SHALL NOT be Methods without publicly available specifications SHALL NOT be
classified as COMMON. New registrations of class OBSOLETE cannot be classified as COMMON. New registrations of class OBSOLETE cannot be
registered. IANA may reject obviously bogus registrations. registered.
New authentication method integers in the range 0-1023 require New authentication method integers in the range 0-1023 require
Standards Action to be registered. New authentication method integers Standards Action to be registered. New authentication method integers
in the range 1024-4095 require Expert Review with Specification in the range 1024-4095 require Expert Review with Specification
Required. New authenticaiton method integers in the range 4096-16383 Required. New authenticaiton method integers in the range 4096-16383
will be registered on a First Come First Served basis. Keywords will be registered on a First Come First Served basis. Keywords
associated with integers in the range 0-4095 SHALL NOT start with "e-" associated with integers in the range 0-4095 SHALL NOT start with "e-"
or "x-". Keywords associated with integers in the range 4096-16383 or "x-". Keywords associated with integers in the range 4096-16383
SHALL start with "e-". Values greater than or equal to 16384 and SHALL start with "e-". Values greater than or equal to 16384 and
keywords starting with "x-" are for Private Use and cannot be keywords starting with "x-" are for Private Use and cannot be
registered. registered.
Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL Note: LDAP supports SASL [RFC2222] as an Authentication CHOICE. SASL
is an extensible LDAP authentication method. is an extensible LDAP authentication method.
3.7. Directory Systems Names 3.8. Directory Systems Names
The IANA-maintained "Directory Systems Names" registry [IANADSN] of The IANA-maintained "Directory Systems Names" registry [IANADSN] of
valid keywords for well known attributes used in the LDAPv2 string valid keywords for well known attributes used in the LDAPv2 string
representation of a distinguished name [RFC1779]. RFC 1779 was representation of a distinguished name [RFC1779]. RFC 1779 was
obsoleted by RFC 2253. obsoleted by RFC 2253.
Directory systems names are not known to be used in any other context. Directory systems names are not known to be used in any other context.
LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a LDAPv3 uses Object Identifier Descriptors [Section 3.2] (which have a
different syntax than directory system names). different syntax than directory system names).
skipping to change at page 11, line 9 skipping to change at page 11, line 28
Person & email address to contact for further information: Person & email address to contact for further information:
Specification: (I-D) Specification: (I-D)
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.2. LDAP Descriptor Registration Template A.2. LDAP Object Identifier Discovery Registration Template
Subject: Request for LDAP Protocol Mechansism Registration
Object Identifier:
Description:
Person & email address to contact for further information:
Usage: (One of Control or Extension)
Specification: (I-D)
Author/Change Controller:
Comments:
(Any comments that the requester deems relevant to the request)
A.3. LDAP Descriptor Registration Template
Subject: Request for LDAP Descriptor Registration Subject: Request for LDAP Descriptor Registration
Descriptor (short name): Descriptor (short name):
Object Identifier: Object Identifier:
Person & email address to contact for further information: Person & email address to contact for further information:
Usage: (One of attribute type, URL extension, Usage: (One of attribute type, URL extension,
object class, or other) object class, or other)
Specification: (RFC, I-D, URI) Specification: (RFC, I-D, URI)
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.3. LDAP Attribute Description Option Registration Template A.4. LDAP Attribute Description Option Registration Template
Subject: Request for LDAP Attribute Description Option Registration Subject: Request for LDAP Attribute Description Option Registration
Option Name: Option Name:
Family of Options: (YES or NO) Family of Options: (YES or NO)
Person & email address to contact for further information: Person & email address to contact for further information:
Specification: (RFC, I-D, URI) Specification: (RFC, I-D, URI)
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.4. LDAP Message Type Registration Template A.5. LDAP Message Type Registration Template
Subject: Request for LDAP Message Type Registration Subject: Request for LDAP Message Type Registration
LDAP Message Name: LDAP Message Name:
Person & email address to contact for further information: Person & email address to contact for further information:
Specification: (Approved I-D) Specification: (Approved I-D)
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.5. LDAP Result Code Registration Template A.6. LDAP Result Code Registration Template
Subject: Request for LDAP Result Code Registration Subject: Request for LDAP Result Code Registration
Result Code Name: Result Code Name:
Person & email address to contact for further information: Person & email address to contact for further information:
Specification: (RFC, I-D, URI) Specification: (RFC, I-D, URI)
Author/Change Controller: Author/Change Controller:
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
A.6. LDAP Authentication Method Registration Template A.7. LDAP Authentication Method Registration Template
Subject: Request for LDAP Authentication Method Registration Subject: Request for LDAP Authentication Method Registration
Authentication Method Name: Authentication Method Name:
Person & email address to contact for further information: Person & email address to contact for further information:
Specification: (RFC, I-D, URI) Specification: (RFC, I-D, URI)
Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE) Intended Usage: (One of COMMON, LIMITED-USE, OBSOLETE)
skipping to change at page 13, line 10 skipping to change at page 14, line 4
Comments: Comments:
(Any comments that the requester deems relevant to the request) (Any comments that the requester deems relevant to the request)
Appendix B. Assigned Values Appendix B. Assigned Values
The following values are currently assigned. The following values are currently assigned.
B.1. Object Identifiers B.1. Object Identifiers
Currently registered "Internet Private Enterprise Numbers" can be Currently registered "Internet Private Enterprise Numbers" can be
found at <http://www.iana.org/assignments/enterprise-numbers>. found at <http://www.iana.org/assignments/enterprise-numbers>.
Currently registered "Internet Directory Numbers" can be found at Currently registered "Internet Directory Numbers" can be found at
<http://www.iana.org/assignments/smi-numbers>. <http://www.iana.org/assignments/smi-numbers>.
B.2. Object Identifier Descriptors B.2. Protocol Mechanisms
Object Identifier Type Description Reference
-------------------------- ---- -------------- ---------
1.2.840.113556.1.4.473 C Sort Request [RFC2891]
1.2.840.113556.1.4.474 C Sort Respone [RFC2891]
1.3.6.1.4.1.1466.101.119.1 E Dynamic Refresh [RFC2589]
1.3.6.1.4.1.1466.20037 E Start TLS [RFC2830]
1.3.6.1.4.1.4203.1.11.1 E Modify Password [RFC3062]
2.16.840.1.113730.3.4.2 C ManageDsaIT [RFC3296]
Legend ------------------------ C => supportedControl E =>
supportedExtension
B.3. Object Identifier Descriptors
NAME Type OID [REF] NAME Type OID [REF]
------------------------ ---- ----------------- ------------------------ ---- -----------------
account O 0.9.2342.19200300.100.4.5 [RFC1274] account O 0.9.2342.19200300.100.4.5 [RFC1274]
alias O 2.5.6.1 [RFC2256] alias O 2.5.6.1 [RFC2256]
aliasedEntryName A 2.5.4.1 [X.501] aliasedEntryName A 2.5.4.1 [X.501]
aliasedObjectName A 2.5.4.1 [RFC2256] aliasedObjectName A 2.5.4.1 [RFC2256]
altServer A 1.3.6.1.4.1.1466.101.120.6 [RFC2252] altServer A 1.3.6.1.4.1.1466.101.120.6 [RFC2252]
applicationEntity O 2.5.6.12 [RFC2256] applicationEntity O 2.5.6.12 [RFC2256]
applicationProcess O 2.5.6.11 [RFC2256] applicationProcess O 2.5.6.11 [RFC2256]
skipping to change at page 18, line 31 skipping to change at page 19, line 40
Legend Legend
------------------------ ------------------------
A => Attribute Type A => Attribute Type
C => DIT Content Rule C => DIT Content Rule
E => LDAP URL Extension E => LDAP URL Extension
M => Matching Rule M => Matching Rule
N => Name Form N => Name Form
O => Object Class O => Object Class
B.3. Attribute Description Options B.4. Attribute Description Options
Option Owner Reference Option Owner Reference
---------------- ----- --------- ---------------- ----- ---------
binary IESG [RFC2251] binary IESG [RFC2251]
lang-* IESG [RFC2596] lang-* IESG [RFC2596]
* family of options * family of options
B.4. LDAPMessage types B.5. LDAPMessage types
Name Code Owner Reference Name Code Owner Reference
--------------------------- ---- ----- --------- --------------------------- ---- ----- ---------
bindRequest 0 IESG [RFC2251] bindRequest 0 IESG [RFC2251]
bindResponse 1 IESG [RFC2251] bindResponse 1 IESG [RFC2251]
unbindRequest 2 IESG [RFC2251] unbindRequest 2 IESG [RFC2251]
searchRequest 3 IESG [RFC2251] searchRequest 3 IESG [RFC2251]
searchResEntry 4 IESG [RFC2251] searchResEntry 4 IESG [RFC2251]
searchResDone 5 IESG [RFC2251] searchResDone 5 IESG [RFC2251]
modifyRequest 6 IESG [RFC2251] modifyRequest 6 IESG [RFC2251]
modifyResponse 7 IESG [RFC2251] modifyResponse 7 IESG [RFC2251]
skipping to change at page 19, line 21 skipping to change at page 20, line 29
modDNResponse 13 IESG [RFC2251] modDNResponse 13 IESG [RFC2251]
compareRequest 14 IESG [RFC2251] compareRequest 14 IESG [RFC2251]
compareResponse 15 IESG [RFC2251] compareResponse 15 IESG [RFC2251]
abandonRequest 16 IESG [RFC2251] abandonRequest 16 IESG [RFC2251]
reserved 17-18 IESG reserved 17-18 IESG
searchResRef 19 IESG [RFC2251] searchResRef 19 IESG [RFC2251]
reserved 20-22 IESG reserved 20-22 IESG
extendedReq 23 IESG [RFC2251] extendedReq 23 IESG [RFC2251]
extendedResp 24 IESG [RFC2251] extendedResp 24 IESG [RFC2251]
B.5. resultCode values B.6. resultCode values
Name Code Owner Reference Name Code Owner Reference
--------------------------- ---- ----- --------- --------------------------- ---- ----- ---------
success 0 IESG [RFC2251] success 0 IESG [RFC2251]
operationsError 1 IESG [RFC2251] operationsError 1 IESG [RFC2251]
protocolError 2 IESG [RFC2251] protocolError 2 IESG [RFC2251]
timeLimitExceeded 3 IESG [RFC2251] timeLimitExceeded 3 IESG [RFC2251]
sizeLimitExceeded 4 IESG [RFC2251] sizeLimitExceeded 4 IESG [RFC2251]
compareFalse 5 IESG [RFC2251] compareFalse 5 IESG [RFC2251]
compareTrue 6 IESG [RFC2251] compareTrue 6 IESG [RFC2251]
skipping to change at page 20, line 24 skipping to change at page 21, line 32
objectClassViolation 65 IESG [RFC2251] objectClassViolation 65 IESG [RFC2251]
notAllowedOnNonLeaf 66 IESG [RFC2251] notAllowedOnNonLeaf 66 IESG [RFC2251]
notAllowedOnRDN 67 IESG [RFC2251] notAllowedOnRDN 67 IESG [RFC2251]
entryAlreadyExists 68 IESG [RFC2251] entryAlreadyExists 68 IESG [RFC2251]
objectClassModsProhibited 69 IESG [RFC2251] objectClassModsProhibited 69 IESG [RFC2251]
reserved (resultsTooLarge) 70 IESG [RFC2251] reserved (resultsTooLarge) 70 IESG [RFC2251]
reserved 71-79 IESG reserved 71-79 IESG
other 80 IESG [RFC2251] other 80 IESG [RFC2251]
reserved (APIs) 81-90 IESG [RFC2251] reserved (APIs) 81-90 IESG [RFC2251]
B.6. Bind Authentication Method B.7. Bind Authentication Method
Method Value Owner Usage Reference Method Value Owner Usage Reference
------ ----- ----- ----------- ----------------- ------ ----- ----- ----------- -----------------
simple 0 IESG LIMITED USE [RFC2251,RFC2829] simple 0 IESG LIMITED USE [RFC2251,RFC2829]
krbv42LDAP 1 IESG OBSOLETE* [RFC1777] krbv42LDAP 1 IESG OBSOLETE* [RFC1777]
krbv42DSA 2 IESG OBSOLETE* [RFC1777] krbv42DSA 2 IESG OBSOLETE* [RFC1777]
sasl 3 IESG COMMON [RFC2251,RFC2829] sasl 3 IESG COMMON [RFC2251,RFC2829]
* These LDAPv2-only mechanisms were deprecated in favor LDAPv3 SASL * These LDAPv2-only mechanisms were deprecated in favor LDAPv3 SASL
authentication method, specifically the GSSAPI mechanism. authentication method, specifically the GSSAPI mechanism.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/