On Fri, 20 Apr 2012 14:05:34 GMT, Kurt@OpenLDAP.org wrote:

RFC 2891 was written before RFC 4510... and to some degree, IIRC, was the reason why the criticality processing requirements were make more clear in RFC 4510. Overloading criticality (or any protocol element) is simply a bad thing.

IIRC that was done with the understanding that some control RFCs would have to be rewritten - but apparently nobody volunteered to do the rewrites.

(...) So the whole specification is a mess.

What I recommend is this,

If the server implements the control:

If the control is present, try to sort. If able to do so, return sortResult.success. Otherwise return sortResult with sortResult != success.

This, I think is consistent with RFC 2891.

Though the new behavior may be formally compatible with both RFCs, it certainly breaks the expectations of one of them and must do so.

How long has the previous behavior been in in OpenLDAP? Is it feasible to delay the change until RE25? Seems like a typical kind of change to avoid doing in the middle of a release series.