Full_Name: Pierangelo Masarati Version: HEAD/re24/re23 OS: irrelevant URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.72.89.40) Submitted by: ando

The latest draft I can find (14 February 2007) states that

Clients MUST provide a criticality value of TRUE to prevent unintended modification of the directory.

As a consequence, I think the server could reject instances of this control with a criticality of FALSE, to prevent its unintended use. However, OpenLDAP's slapd currently tolerates a criticality of FALSE, and OpenLDAP clients allow users to use this control with a criticality of FALSE. I think the clients need to be fixed, and the server should prevent this improper use. Also, the server should check whether the control is used with operations not indicated in the draft (i.e. non-write ops).

p.