The server completion result response indicates the success or failure of the operation. It is tagged with the same tag as the client command which began the operation.
Thus, if more than one command is in progress, the tag in a server completion response identifies the command to which the response applies. There are three possible server completion responses: OK (indicating success), NO (indicating failure), or BAD (indicating a protocol error such as an unrecognized command or a command syntax error). The protocol receiver of an IMAP4rev1 client reads a response line from the server. A client MUST be prepared to accept any server response at all times.
This includes server data that was not requested. Server data SHOULD be recorded, so that the client can reference its recorded copy rather than sending a command to the server to request the data.
In the case of certain server data, the data MUST be recorded. This topic is discussed in greater detail in the Server Responses section.

Message Attributes

In addition to message text, each message has several attributes associated with it. These attributes can be retrieved individually or in conjunction with other attributes or message texts.

Message Numbers

Messages in IMAP4rev1 are accessed by one of two numbers: the unique identifier or the message sequence number.
Unique Identifier (UID) Message Attribute

A 32-bit value assigned to each message, which when used with the unique identifier validity value (see below) forms a 64-bit value that MUST NOT refer to any other message in the mailbox or any subsequent mailbox with the same name forever. Unique identifiers are assigned in a strictly ascending fashion in the mailbox; as each message is added to the mailbox it is assigned a higher UID than the message(s) which were added previously. Unlike message sequence numbers, unique identifiers are not necessarily contiguous. Persistent unique identifiers are required for a client to resynchronize its state from a previous session with the server (e.g., disconnected or offline access clients).
Crispin Standards Track [Page 8] RFC IMAPv4 March

Associated with every mailbox are two values which aid in unique identifier handling: the next unique identifier value and the unique identifier validity value. The next unique identifier value is the predicted value that will be assigned to a new message in the mailbox.
Unless the unique identifier validity also changes (see below), the next unique identifier value MUST have the following two characteristics. First, the next unique identifier value MUST NOT change unless new messages are added to the mailbox; and second, the next unique identifier value MUST change whenever new messages are added to the mailbox, even if those new messages are subsequently expunged.
Note: The next unique identifier value is intended to provide a means for a client to determine whether any messages have been delivered to the mailbox since the previous time it checked this value. It is not intended to provide any guarantee that any message will have this unique identifier. A client can only assume, at the time that it obtains the next unique identifier value, that messages arriving after that time will have a UID greater than or equal to that value.
The unique identifier validity value is sent in a UIDVALIDITY response code in an OK untagged response at mailbox selection time. If unique identifiers from an earlier session fail to persist in this session, the unique identifier validity value MUST be greater than the one used in the earlier session. If the physical message store is re-ordered by a non-IMAP agent, this requires that the unique identifiers in the mailbox be regenerated, since the former unique identifiers are no longer strictly ascending as a result of the re-ordering. It is alright to use a constant such as 1, but only if it is guaranteed that unique identifiers will never be reused, even in the case of a mailbox being deleted or renamed and a new mailbox by the same name created at some future time.
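How a caching client applies the UIDVALIDITY and UIDNEXT rules above when it reopens a mailbox, as an added example (not code from the RFC): MailboxCache, resync and record_flags are names assumed here, and the returned plan dictionary is this example's own convention. It also covers the case the text rules out, a UIDNEXT that goes backwards under an unchanged UIDVALIDITY, by distrusting the cache rather than the server's numbers.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

UID_MAX = 0xFFFFFFFF  # UIDs, UIDVALIDITY and UIDNEXT are 32-bit values


@dataclass
class MailboxCache:
    """What a client remembers about one mailbox between sessions."""
    name: str
    uidvalidity: Optional[int] = None
    uidnext: int = 1
    # UID -> cached flags (a real client would also cache headers or bodies)
    messages: Dict[int, Set[str]] = field(default_factory=dict)


def resync(cache: MailboxCache, uidvalidity: int, uidnext: int) -> dict:
    """Apply the UIDVALIDITY/UIDNEXT from a fresh SELECT to the cache.

    Returns a plan: which UIDs to fetch, and whether the cache survived.
    """
    for v in (uidvalidity, uidnext):
        if not 1 <= v <= UID_MAX:
            raise ValueError("UIDVALIDITY and UIDNEXT are non-zero 32-bit values")

    if cache.uidvalidity is None:
        cache.uidvalidity, cache.uidnext = uidvalidity, uidnext
        return {"action": "initial_fetch", "uid_fetch": (1, "*")}

    if uidvalidity != cache.uidvalidity:
        # Old UIDs may now name different messages: nothing cached is usable.
        cache.messages.clear()
        cache.uidvalidity, cache.uidnext = uidvalidity, uidnext
        return {"action": "cache_invalidated", "uid_fetch": (1, "*")}

    if uidnext < cache.uidnext:
        # With UIDVALIDITY unchanged, UIDNEXT must never go backwards.
        # Distrust the cache instead of building on a broken server.
        cache.messages.clear()
        cache.uidnext = uidnext
        return {"action": "server_violation", "uid_fetch": (1, "*")}

    plan = {"action": "incremental", "refresh_known": bool(cache.messages)}
    if uidnext == cache.uidnext:
        # Nothing can have been delivered since last time; only flag changes
        # and expunges of already-known messages need checking.
        plan["uid_fetch"] = None
    else:
        # Anything new has a UID >= the old UIDNEXT, so "old:*" covers it
        # even if some of those messages were expunged again meanwhile.
        plan["uid_fetch"] = (cache.uidnext, "*")
    cache.uidnext = uidnext
    return plan


def record_flags(cache: MailboxCache, uid: int, flags: Set[str]) -> None:
    """Store flags from a UID FETCH response. Flags are cached by UID, never
    by sequence number, because sequence numbers change on EXPUNGE."""
    if not 1 <= uid <= UID_MAX:
        raise ValueError("bad UID")
    cache.messages[uid] = set(flags)
```

The plan's "uid_fetch" tuple maps directly onto a UID FETCH range; "refresh_known" tells the caller that previously cached UIDs still have to be re-checked for flag changes and expunges, which UIDNEXT alone cannot reveal.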
The combination of mailbox name, unique identifier validity value, and unique identifier must refer to a single immutable message on that server forever. This does not include message numbers, nor does it include attributes that can be set by a STORE command (e.g., FLAGS).

Message Sequence Number Message Attribute

A relative position from 1 to the number of messages in the mailbox.
This position MUST be ordered by ascending unique identifier. As each new message is added, it is assigned a message sequence number that is 1 higher than the number of messages in the mailbox before that new message was added.
Message sequence numbers can be reassigned during the session. For example, when a message is permanently removed (expunged) from the mailbox, the message sequence number for all subsequent messages is decremented. The number of messages in the mailbox is also decremented. Similarly, a new message can be assigned a message sequence number that was once held by some other message prior to an expunge. In addition to accessing messages by relative position in the mailbox, message sequence numbers can be used in mathematical calculations. For example, if an untagged "11 EXISTS" is received, and previously an untagged "8 EXISTS" was received, three new messages have arrived with message sequence numbers of 9, 10, and 11.

Flags Message Attribute

A list of zero or more named tokens associated with the message. A flag is set by its addition to this list, and is cleared by its removal.
There are two types of flags in IMAP4rev1. A flag of either type can be permanent or session-only. A system flag is a flag name that is pre-defined in this specification; all system flags begin with "\". The \Recent system flag, which marks messages that have arrived since the previous session on the mailbox, can not be altered by the client. If it is not possible to determine whether or not this session is the first session to be notified about a message, then that message SHOULD be considered recent. A keyword is defined by the server implementation; keywords do not begin with "\". Permanent flags are those which the client can add or remove from the message flags permanently; that is, concurrent and subsequent sessions will see any change in permanent flags. Changes to session flags are valid only in that session.

Internal Date Message Attribute

The internal date and time of the message on the server. This is not the date and time in the message's Date header, but rather a date and time which reflects when the message was received.
All other cases are implementation defined.

State and Flow Diagram

Once the connection between client and server is established, an IMAP4rev1 connection is in one of four states. The initial state is identified in the server greeting. Most commands are only valid in certain states. It is a protocol error for the client to attempt a command while the connection is in an inappropriate state, and the server will respond with a BAD or NO (depending upon server implementation) command completion result.
Not Authenticated State

In the not authenticated state, the client MUST supply authentication credentials before most commands will be permitted. This state is entered when a connection starts unless the connection has been pre-authenticated.

Authenticated State

In the authenticated state, the client is authenticated and MUST select a mailbox to access before commands that affect messages will be permitted. This state is entered when a pre-authenticated connection starts, when acceptable authentication credentials have been provided, after an error in selecting a mailbox, or after a successful CLOSE command.

Selected State

In a selected state, a mailbox has been selected to access. This state is entered when a mailbox has been successfully selected.

Logout State

In the logout state, the connection is being terminated. This state can be entered as a result of a client request via the LOGOUT command or by unilateral action on the part of either the client or server.
If the server detects that the client has unilaterally closed the connection, the server MAY omit the untagged BYE response and simply close its connection.

Data Formats

IMAP4rev1 uses textual commands and responses. Data in IMAP4rev1 can be in one of several forms: atom, number, string, parenthesized list, or NIL. Note that a particular data item may take more than one form; for example, a data item defined as using "astring" syntax may be either an atom or a string.

Atom

An atom consists of one or more non-special characters.
Number

A number consists of one or more digit characters, and represents a numeric value.

String

A string is in one of two forms: either literal or quoted string. The literal form is the general form of string. The quoted string form is an alternative that avoids the overhead of processing a literal at the cost of limitations of characters which may be used. A literal is a sequence of zero or more octets (including CR and LF), prefix-quoted with an octet count in the form of an open brace ("{"), the number of octets, close brace ("}"), and CRLF. In the case of literals transmitted from server to client, the CRLF is immediately followed by the octet data. In the case of literals transmitted from client to server, the client MUST wait to receive a command continuation request (described later in this document) before sending the octet data and the remainder of the command. Note: Even if the octet count is 0, a client transmitting a literal MUST wait to receive a command continuation request. A quoted string is a sequence of zero or more 7-bit characters, excluding CR and LF, with double quote characters at each end. A "binary string" is any string with NUL characters.
Parenthesized List

Data structures are represented as a "parenthesized list": a sequence of data items, delimited by space, and bounded at each end by parentheses. A parenthesized list can contain other parenthesized lists, using multiple levels of parentheses to indicate nesting. The empty list is represented as "()", a parenthesized list with no members.
NIL The special form "NIL" represents the non-existence of a particular data item that is represented as a string or parenthesized list, as distinct from the empty string "" or the empty parenthesized list.
Note: NIL is never used for any data item which takes the form of an atom. For example, a mailbox name of NIL is a mailbox named NIL as opposed to a non-existent mailbox. This is because mailbox uses "astring" syntax which is an atom or a string. Conversely, an addr-name of NIL is a non-existent personal name, because addr-name uses "nstring" syntax which is NIL or a string, but never an atom.

Operational Considerations

The following rules are listed here to ensure that all IMAP4rev1 implementations interoperate properly.
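A parser for the data formats just described (atoms, numbers, quoted strings, literals, parenthesized lists and NIL), added here as an example; it is not code from the RFC or from any IMAP library, the function and class names are assumed, and the sample responses in the test are constructed. MAX_LITERAL is an assumed limit: the octet count of a literal is checked before any data is buffered, because the count is chosen by the peer and a client that trusts it will otherwise allocate, and wait for, whatever is announced.

```python
import re

MAX_LITERAL = 1 << 20  # assumed per-client ceiling; size it to your memory budget

class ImapSyntaxError(ValueError):
    """Malformed data: treat the connection as unusable."""

class NeedMoreData(Exception):
    """Well-formed so far but incomplete: read more from the socket, then retry."""

class Atom(str):
    """An atom, kept distinct from quoted/literal strings (NIL vs "NIL")."""

# Atom characters: anything but SP, CTL and the delimiters handled below.
# Deliberately permissive so that \Seen, $Label, 1:* and % parse as atoms.
_ATOM = re.compile(rb'[^ (){}\[\]"\r\n\x00-\x1f\x7f]+')
_COUNT = re.compile(rb"(\d{1,10})\}")
_CLOSER = {b"(": b")", b"[": b"]"}  # [...] carries response codes and sections

def parse_response(buf):
    """Parse one response line (plus its literals) from the front of buf.

    Returns (items, remainder): atom -> Atom, number -> int, quoted -> str,
    literal -> bytes, parenthesized list -> list, NIL -> None.
    """
    items, pos = _items(buf, 0, None)
    return items, buf[pos:]

def _items(buf, pos, closer):
    items = []
    while True:
        while buf[pos:pos + 1] == b" ":
            pos += 1
        if pos >= len(buf):
            raise NeedMoreData()
        c = buf[pos:pos + 1]
        if c == b"\r":
            if len(buf) - pos < 2:
                raise NeedMoreData()
            if buf[pos + 1:pos + 2] != b"\n" or closer is not None:
                raise ImapSyntaxError("bare CR, or line ended inside a list")
            return items, pos + 2
        if c in (b")", b"]"):
            if c != closer:
                raise ImapSyntaxError("unbalanced %r" % c)
            return items, pos + 1
        if c in _CLOSER:
            sub, pos = _items(buf, pos + 1, _CLOSER[c])
            items.append(sub)
        elif c == b'"':
            s, pos = _quoted(buf, pos + 1)
            items.append(s)
        elif c == b"{":
            lit, pos = _literal(buf, pos + 1)
            items.append(lit)
        else:
            m = _ATOM.match(buf, pos)
            if not m:
                raise ImapSyntaxError("unexpected byte %r" % c)
            tok, pos = m.group(0), m.end()
            if tok.isdigit():
                items.append(int(tok))
            else:
                items.append(None if tok == b"NIL" else Atom(tok.decode("utf-8", "replace")))

def _quoted(buf, pos):
    out = bytearray()
    while pos < len(buf):
        c = buf[pos]
        if c == 0x22:                          # closing quote
            return out.decode("utf-8", "replace"), pos + 1
        if c in (0x0D, 0x0A):
            raise ImapSyntaxError("CR/LF inside quoted string")
        if c == 0x5C:                          # '\' may escape only '"' and '\'
            if pos + 1 >= len(buf):
                break
            if buf[pos + 1] not in (0x22, 0x5C):
                raise ImapSyntaxError("bad escape in quoted string")
            c, pos = buf[pos + 1], pos + 1
        out.append(c)
        pos += 1
    raise NeedMoreData()

def _literal(buf, pos):
    m = _COUNT.match(buf, pos)
    if not m:
        if buf[pos:] == b"" or buf[pos:].isdigit():
            raise NeedMoreData()
        raise ImapSyntaxError("malformed literal count")
    n = int(m.group(1))
    # Check the count BEFORE waiting for or buffering the octets, so a hostile
    # server cannot make the client allocate or block on an arbitrary size.
    if n > MAX_LITERAL:
        raise ImapSyntaxError("literal of %d octets exceeds limit" % n)
    pos = m.end()
    if buf[pos:pos + 2] != b"\r\n":
        raise NeedMoreData() if len(buf) - pos < 2 else ImapSyntaxError("no CRLF after count")
    pos += 2
    if len(buf) - pos < n:
        raise NeedMoreData()
    return bytes(buf[pos:pos + n]), pos + n
```

The leading "*" or "+" of an untagged or continuation line comes back as an Atom, so the caller dispatches on items[0]; a tag is just another atom. NeedMoreData is the signal a socket reader uses to append more bytes and call parse_response again on the same buffer.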
Mailbox Naming

Mailbox names are 7-bit. See section 5. Note: 8-bit mailbox names were undefined in earlier versions of this protocol. Such usage is not interoperable, and is now formally deprecated. The case-insensitive mailbox name INBOX is a special name reserved to mean "the primary mailbox for this user on this server". The interpretation of all other names is implementation-dependent. Some server implementations are fully case-sensitive; others preserve the case of a newly-created name but are otherwise case-insensitive; and yet others coerce names to a particular case.
Client implementations MUST interact with any of these. If a server implementation interprets non-INBOX mailbox names as case-insensitive, it MUST treat names using the international naming convention specially as described in section 5.
There are certain client considerations when creating a new mailbox name: (1) any character which is one of the atom-specials (see the Formal Syntax) will require that the mailbox name be represented as a quoted string or literal.

Mailbox Hierarchy Naming

If it is desired to export hierarchical mailbox names, mailbox names MUST be left-to-right hierarchical using a single character to separate levels of hierarchy. The same hierarchy separator character is used for all levels of hierarchy within a single name.

Mailbox Namespace Naming Convention

By convention, the first hierarchical element of any mailbox name which begins with "#" identifies the "namespace" of the remainder of the name. This makes it possible to disambiguate between different types of mailbox stores, each of which have their own namespaces. Thus, the comp.mail.misc newsgroup would have a mailbox name of "#news.comp.mail.misc", and there would be no conflict with a personal mailbox named "comp.mail.misc".

Mailbox International Naming Convention

By convention, international mailbox names in IMAP4rev1 are specified using a modified version of the UTF-7 encoding: printable US-ASCII characters other than "&" represent themselves, "&" is represented by the two-octet sequence "&-", and all other characters are represented in modified BASE64 (with "," used instead of "/") of their UTF-16 form, enclosed between "&" and "-". Modified BASE64 MUST NOT be used to represent any printing US-ASCII character which can represent itself. Modified UTF-7 may also be usable in servers that implement an earlier version of this protocol.
In particular, server implementations MUST preserve the exact form of the modified BASE64 portion of a modified UTF-7 name and treat that text as case-sensitive, even if names are otherwise case-insensitive or case-folded.

Mailbox Size and Message Status Updates

At any time, a server can send data that the client did not request. For example, agents other than the server MAY add messages to the mailbox (e.g., new mail delivery). A server MUST send mailbox size updates automatically if a mailbox size change is observed during the processing of a command.
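The modified UTF-7 naming convention and the case rule for its BASE64 portion, as an added example (not RFC or library code; encode_mutf7, decode_mutf7, fold_for_compare and names_equal are assumed names). The decoder rejects 8-bit input and any spelling that would not re-encode to the same string, so two different wire names can never denote one mailbox; the comparison folds only the plain ASCII parts and leaves every "&...-" section byte-for-byte as received.

```python
import base64

_B64 = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,")


def encode_mutf7(name: str) -> str:
    """Encode a Unicode mailbox name in IMAP's modified UTF-7."""
    out, run = [], []

    def flush():
        if run:
            raw = "".join(run).encode("utf-16-be")
            b64 = base64.b64encode(raw).decode("ascii").rstrip("=").replace("/", ",")
            out.append("&" + b64 + "-")
            run.clear()

    for ch in name:
        if 0x20 <= ord(ch) <= 0x7E:          # printable US-ASCII stays as is
            flush()
            out.append("&-" if ch == "&" else ch)
        else:                                 # includes controls and DEL
            run.append(ch)
    flush()
    return "".join(out)


def decode_mutf7(name: str) -> str:
    """Decode modified UTF-7, rejecting 8-bit bytes and non-canonical forms."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch != "&":
            if not 0x20 <= ord(ch) <= 0x7E:
                raise ValueError("mailbox names on the wire are 7-bit")
            out.append(ch)
            i += 1
            continue
        end = name.find("-", i + 1)
        if end < 0:
            raise ValueError("unterminated '&' shift sequence")
        seg = name[i + 1:end]
        if seg == "":
            out.append("&")                   # "&-" is a literal ampersand
        else:
            if not set(seg) <= _B64:
                raise ValueError("invalid modified BASE64")
            raw = base64.b64decode(seg.replace(",", "/") + "=" * (-len(seg) % 4))
            if len(raw) % 2:
                raise ValueError("odd number of UTF-16 bytes")
            out.append(raw.decode("utf-16-be"))
        i = end + 1
    text = "".join(out)
    # One spelling per name: "&AGE-" for "a", stray padding bits, or two
    # adjacent shift sequences that should have been one, would otherwise let
    # distinct wire names reach the same mailbox and bypass name-based checks.
    if encode_mutf7(text) != name:
        raise ValueError("non-canonical modified UTF-7")
    return text


def fold_for_compare(name: str) -> str:
    """Case-fold an encoded name the way a case-insensitive server must: fold
    the plain ASCII parts only, keep every '&...-' section exactly."""
    out, i = [], 0
    while i < len(name):
        if name[i] == "&":
            end = name.find("-", i + 1)
            if end < 0:
                raise ValueError("unterminated '&' shift sequence")
            out.append(name[i:end + 1])
            i = end + 1
        else:
            out.append(name[i].lower())
            i += 1
    return "".join(out)


def names_equal(a: str, b: str) -> bool:
    return fold_for_compare(a) == fold_for_compare(b)
```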
A server SHOULD send message flag updates automatically, without requiring the client to request such updates explicitly. Special rules exist for server notification of a client about the removal of messages to prevent synchronization errors; see the description of the EXPUNGE response for more detail. Regardless of what implementation decisions a client makes on remembering data from the server, a client implementation MUST record mailbox size updates.
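The sequence-number behaviour described under Message Sequence Number and the unrequested EXISTS, EXPUNGE and flag updates described here, in one client-side model (an added example, not RFC code; SelectedMailbox and ProtocolError are assumed names and the response lines in the test are constructed). Flags are attached to the message record rather than to its sequence number, so an EXPUNGE renumbers the remaining messages without misattributing anything, and an EXISTS that would shrink the mailbox is treated as the protocol violation it is.

```python
import re

_FLAGS = re.compile(r"FLAGS \(([^)]*)\)")
_UID = re.compile(r"\bUID (\d+)")


class ProtocolError(Exception):
    """The server sent something the mailbox model says is impossible."""


class SelectedMailbox:
    """Client-side model of the selected mailbox, fed untagged responses.

    msgs[i] describes the message with sequence number i + 1. Flags live on
    the message record, so they follow the message when EXPUNGE renumbers.
    """

    def __init__(self):
        self.msgs = []                      # each: {"uid": int or None, "flags": set}

    @property
    def count(self):
        return len(self.msgs)

    def uid_of(self, seq):
        self._check(seq)
        return self.msgs[seq - 1]["uid"]

    def seq_of(self, uid):
        for i, m in enumerate(self.msgs):
            if m["uid"] == uid:
                return i + 1
        return None

    def flags_of(self, uid):
        seq = self.seq_of(uid)
        return None if seq is None else set(self.msgs[seq - 1]["flags"])

    def unknown_uids(self):
        """Sequence numbers whose UID is still unknown; fetch them with
        FETCH n:m (UID FLAGS) before addressing anything by UID."""
        return [i + 1 for i, m in enumerate(self.msgs) if m["uid"] is None]

    def handle(self, line):
        """Consume one response line; tagged and non-numeric lines are ignored here."""
        parts = line.split(" ", 3)
        if len(parts) < 3 or parts[0] != "*" or not parts[1].isdigit():
            return
        n, kind = int(parts[1]), parts[2].upper()
        if kind == "EXISTS":
            if n < self.count:
                # EXISTS never shrinks the mailbox; only EXPUNGE removes messages.
                raise ProtocolError("EXISTS %d below current count %d" % (n, self.count))
            self.msgs.extend({"uid": None, "flags": set()} for _ in range(n - self.count))
        elif kind == "EXPUNGE":
            self._check(n)
            del self.msgs[n - 1]            # every later message shifts down by one
        elif kind == "FETCH":
            self._check(n)
            rec = self.msgs[n - 1]
            m = _UID.search(line)
            if m:
                uid = int(m.group(1))
                if rec["uid"] not in (None, uid):
                    # The same sequence number now names a different message:
                    # the client has lost synchronisation and must reselect.
                    raise ProtocolError("seq %d changed UID %d -> %d" % (n, rec["uid"], uid))
                rec["uid"] = uid
            m = _FLAGS.search(line)
            if m:
                rec["flags"] = set(m.group(1).split())

    def _check(self, seq):
        if not 1 <= seq <= self.count:
            raise ProtocolError("sequence number %d out of range 1..%d" % (seq, self.count))
```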
Server implementations that send such responses MUST deal with flow control considerations. Specifically, they MUST either (1) verify that the size of the data does not exceed the underlying transport's available window size, or (2) use non-blocking writes.

Autologout Timer

If a server has an inactivity autologout timer, the duration of that timer MUST be at least 30 minutes.

Multiple Commands in Progress

The client MAY send another command without waiting for the completion result response of a command, subject to ambiguity rules (see below) and flow control constraints on the underlying data stream. Similarly, a server MAY begin processing another command before processing the current command to completion, subject to ambiguity rules. However, any command continuation request responses and command continuations MUST be negotiated before any subsequent command is initiated.
The exception is if an ambiguity would result because of a command that would affect the results of other commands. If the server detects a possible ambiguity, it MUST execute commands to completion in the order given by the client. The most obvious example of ambiguity is when a command would affect the results of another command, e.g., a FETCH of a message's flags and a STORE of that same message's flags.
If the client sends a UID command, it must wait for a completion result response before sending a command with message sequence numbers.

Client Commands

Commands are organized by the state in which the command is permitted. Commands which are permitted in multiple states are listed in the minimum permitted state (for example, commands valid in authenticated and selected state are listed in the authenticated state commands).
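The state rules (Not Authenticated, Authenticated, Selected, Logout) and the pipelining rules above, combined into one client-side gate that decides whether a command may be written now. This is an added example, not code from the RFC: CommandGate, its ALLOWED table and the RENUMBERING set are this example's assumptions. RENUMBERING is deliberately stricter than the text requires: besides holding sequence-number commands behind a UID command, it refuses to pipeline anything behind an EXPUNGE, CLOSE, SELECT or EXAMINE, since those change what sequence numbers mean.

```python
import itertools
import re
from enum import Enum


class State(Enum):
    NOT_AUTHENTICATED = "not authenticated"
    AUTHENTICATED = "authenticated"
    SELECTED = "selected"
    LOGOUT = "logout"


_ANY = {State.NOT_AUTHENTICATED, State.AUTHENTICATED, State.SELECTED}
_AUTH_UP = {State.AUTHENTICATED, State.SELECTED}
_SEL = {State.SELECTED}
ALLOWED = {
    "CAPABILITY": _ANY, "NOOP": _ANY, "LOGOUT": _ANY,
    "STARTTLS": {State.NOT_AUTHENTICATED}, "AUTHENTICATE": {State.NOT_AUTHENTICATED},
    "LOGIN": {State.NOT_AUTHENTICATED},
    "SELECT": _AUTH_UP, "EXAMINE": _AUTH_UP, "CREATE": _AUTH_UP, "DELETE": _AUTH_UP,
    "RENAME": _AUTH_UP, "SUBSCRIBE": _AUTH_UP, "UNSUBSCRIBE": _AUTH_UP, "LIST": _AUTH_UP,
    "LSUB": _AUTH_UP, "STATUS": _AUTH_UP, "APPEND": _AUTH_UP,
    "CHECK": _SEL, "CLOSE": _SEL, "EXPUNGE": _SEL, "SEARCH": _SEL, "FETCH": _SEL,
    "STORE": _SEL, "COPY": _SEL,
}
SEQ_ADDRESSED = {"FETCH", "STORE", "COPY", "SEARCH"}             # take sequence numbers
RENUMBERING = {"EXPUNGE", "CLOSE", "SELECT", "EXAMINE", "LOGOUT"}  # change what numbers mean
_LITERAL_TAIL = re.compile(r"\{\d+\}$")


class CommandGate:
    def __init__(self):
        self.state = None                  # unknown until the greeting arrives
        self.pending = {}                  # tag -> {"verb", "uid", "awaiting_continuation"}
        self._tags = ("A%04d" % i for i in itertools.count(1))

    def greeting(self, line):
        kind = line.split()[1].upper()
        self.state = {"OK": State.NOT_AUTHENTICATED, "PREAUTH": State.AUTHENTICATED,
                      "BYE": State.LOGOUT}.get(kind)
        if self.state is None:
            raise ValueError("not a greeting: %r" % line)

    @staticmethod
    def _verb(command):
        words = command.split()
        uses_uid = words[0].upper() == "UID"
        return words[1 if uses_uid else 0].upper(), uses_uid

    def may_send(self, command):
        """Return (ok, reason) for writing `command` (without tag) right now."""
        verb, uses_uid = self._verb(command)
        if self.state is None or self.state == State.LOGOUT:
            return False, "connection not ready or already logging out"
        if self.state not in ALLOWED.get(verb, set()):
            return False, "%s is not valid in %s state" % (verb, self.state.value)
        for p in self.pending.values():
            if p["awaiting_continuation"]:
                return False, "a literal is still waiting for the server's '+' continuation"
            if p["verb"] in RENUMBERING or verb in RENUMBERING:
                return False, "%s must complete before %s" % (p["verb"], verb)
            if p["uid"] and not uses_uid and verb in SEQ_ADDRESSED:
                return False, "sequence-number command behind an unfinished UID command"
        return True, "ok"

    def send(self, command):
        ok, reason = self.may_send(command)
        if not ok:
            raise ValueError(reason)
        tag = next(self._tags)
        verb, uses_uid = self._verb(command)
        self.pending[tag] = {"verb": verb, "uid": uses_uid,
                             "awaiting_continuation": bool(_LITERAL_TAIL.search(command))}
        return tag                         # caller writes tag, SP, command, CRLF

    def continuation_done(self, tag):
        """Call once the '+' arrived and the literal octets plus the rest were sent."""
        self.pending[tag]["awaiting_continuation"] = False

    def complete(self, tag, result):
        """Apply a tagged OK/NO/BAD; a tag never sent raises KeyError on purpose."""
        p, result = self.pending.pop(tag), result.upper()
        v = p["verb"]
        if v in ("LOGIN", "AUTHENTICATE") and result == "OK":
            self.state = State.AUTHENTICATED
        elif v in ("SELECT", "EXAMINE"):
            # success enters selected state; an error selecting falls back
            self.state = State.SELECTED if result == "OK" else State.AUTHENTICATED
        elif v == "CLOSE" and result == "OK":
            self.state = State.AUTHENTICATED
        elif v == "LOGOUT":
            self.state = State.LOGOUT
        return self.state
```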
Command arguments, identified by "Arguments:" in the command descriptions below, are described by function, not by syntax.
The precise syntax of command arguments is described in the Formal Syntax section. Some commands cause specific server responses to be returned; these are identified by "Responses:" in the command descriptions below. See the response descriptions in the Responses section for information on these responses, and the Formal Syntax section for the precise syntax of these responses.
It is possible for server data to be transmitted as a result of any command.

Intermediate Response Message

IntermediateResponse messages are specified in documents describing the manner in which they are solicited (i.e., in the specification of the Extended operation or request control that uses them). Extensions that allow the return of multiple types of IntermediateResponse messages SHALL identify those types using unique responseName values (note that one of these may specify no value).
Usage with LDAP Request Controls A control's semantics may include the return of zero or more IntermediateResponse messages prior to returning the final result code for the operation. One or more kinds of IntermediateResponse messages may be sent in response to a request control.
All IntermediateResponse messages associated with request controls SHALL include a responseName. This requirement ensures that the client can correctly identify the source of IntermediateResponse messages when: (a) two or more controls using IntermediateResponse messages are included in a request for any LDAP operation, or (b) one or more controls using IntermediateResponse messages are included in a request with an LDAP Extended operation that uses IntermediateResponse messages.
StartTLS Operation

The requestName is "1. Detected sequencing problems (particularly those detailed in Section 3.) result in the resultCode being set to operationsError. If the server does not support TLS (whether by design or by current configuration), it returns with the resultCode set to protocolError as described in Section 4. The responseName is "1. The responseValue is always absent. If the server is otherwise unwilling or unable to perform this operation, the server is to return an appropriate result code indicating the nature of the problem. For example, if the TLS subsystem is not presently available, the server may indicate this by returning with the resultCode set to unavailable.

Protocol Encoding, Connection, and Transfer

This protocol is designed to run over connection-oriented, reliable transports, where the data stream is divided into octets (8-bit units), with each octet and each bit being significant.
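The StartTLS exchange on the wire, as an added example rather than code from RFC 4511 or any LDAP library: a minimal BER encoder and a bounds-checked decoder (all helper names assumed), with the response handling the text prescribes. The full requestName OID, shown truncated on this page, is 1.3.6.1.4.1.1466.20037. The decoder accepts only definite lengths and refuses a length that points past the buffer, which is what "prepared to handle invalid and arbitrary-length encodings" comes down to in practice; a referral in the StartTLS response is rejected because it would redirect the still-unprotected session. The sample responses in the test are constructed with the same encoder.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"    # requestName and responseName of StartTLS
SUCCESS, PROTOCOL_ERROR, UNAVAILABLE = 0, 2, 52
_EXT_REQ, _EXT_RESP = 0x77, 0x78             # [APPLICATION 23] / [APPLICATION 24]


def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def _ber_int(value, tag=0x02):               # 0x02 INTEGER, 0x0A ENUMERATED
    return _tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))


def build_starttls_request(message_id):
    """LDAPMessage { messageID, ExtendedRequest { requestName [0] } }"""
    ext = _tlv(_EXT_REQ, _tlv(0x80, STARTTLS_OID))
    return _tlv(0x30, _ber_int(message_id) + ext)


def build_extended_response(message_id, result_code, diagnostic=b"", referral=(), response_name=None):
    """What a server sends back; used here to construct test input."""
    body = _ber_int(result_code, 0x0A) + _tlv(0x04, b"") + _tlv(0x04, diagnostic)
    if referral:
        body += _tlv(0xA3, b"".join(_tlv(0x04, url) for url in referral))
    if response_name:
        body += _tlv(0x8A, response_name)
    return _tlv(0x30, _ber_int(message_id) + _tlv(_EXT_RESP, body))


def _read_tlv(buf, pos):
    """Decode one TLV: definite lengths only (LDAP forbids the indefinite
    form), bounded so a hostile length cannot make us read past the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        if pos + n > len(buf):
            raise ValueError("truncated length")
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + ln], pos + ln


def _read_int(body):
    if not 1 <= len(body) <= 4:
        raise ValueError("integer out of range")
    return int.from_bytes(body, "big", signed=True)


def parse_extended_response(msg):
    tag, body, end = _read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not exactly one LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, pos = _read_tlv(body, pos)       # anything after protocolOp is controls
    if tag != _EXT_RESP:
        raise ValueError("protocolOp is not ExtendedResponse (tag 0x%02x)" % tag)
    out = {"messageID": _read_int(mid), "referral": [], "responseName": None}
    tag, rc, p = _read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    out["resultCode"] = _read_int(rc)
    _, out["matchedDN"], p = _read_tlv(op, p)
    _, out["diagnosticMessage"], p = _read_tlv(op, p)
    while p < len(op):                         # optional trailing fields
        tag, val, p = _read_tlv(op, p)
        if tag == 0xA3:
            q = 0
            while q < len(val):
                _, url, q = _read_tlv(val, q)
                out["referral"].append(url)
        elif tag == 0x8A:
            out["responseName"] = val
        elif tag == 0x8B:
            out["responseValue"] = val
        else:
            raise ValueError("unexpected element 0x%02x" % tag)
    return out


def handle_starttls_response(raw, expected_id):
    """Decide the client's next step; nothing else may be sent meanwhile."""
    r = parse_extended_response(raw)
    if r["messageID"] != expected_id:
        raise ValueError("response does not match the StartTLS request")
    if r["responseName"] not in (None, STARTTLS_OID):
        raise ValueError("unexpected responseName")
    if r["referral"]:
        raise ValueError("referral in StartTLS response rejected")
    code = r["resultCode"]
    if code == SUCCESS:
        return "begin_tls_handshake"           # now wrap the socket in TLS
    if code == PROTOCOL_ERROR:
        return "tls_not_supported"             # by design or configuration
    if code == UNAVAILABLE:
        return "tls_temporarily_unavailable"   # e.g. TLS subsystem down; retry later
    return "failed_%d" % code
```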
This service is generally applicable to applications providing or consuming X.500-based directory services on the Internet. This specification was generally written with the TCP mapping in mind. Specifications detailing other mappings may encounter various obstacles. These restrictions are meant to ease the overhead of encoding and decoding certain elements in BER. These restrictions do not apply to ASN.1 types encapsulated inside of OCTET STRING values, such as attribute values, unless otherwise stated. Servers may instead provide a listener on a different port number. A protocol peer may determine that the continuation of any communication would be pernicious, and in this case, it may abruptly terminate the session by ceasing communication and closing the transport connection.
In either case, when the LDAP session is terminated, uncompleted operations are handled as specified in Section 3.

Security Considerations

This version of the protocol provides facilities for simple authentication using a cleartext password, as well as any SASL mechanism. It is also permitted that the server can return its credentials to the client, if it chooses to do so.

Sermersheim Standards Track [Page 43] RFC LDAPv3 June

Use of cleartext password is strongly discouraged where the underlying transport service cannot guarantee confidentiality and may result in disclosure of the password to unauthorized parties. Servers are encouraged to prevent directory modifications by clients that have authenticated anonymously. Note that SASL authentication exchanges do not provide data confidentiality or integrity protection for the version or name fields of the BindRequest or the resultCode, diagnosticMessage, or referral fields of the BindResponse, nor for any information contained in controls attached to Bind requests or responses.
Implementors should note that various security factors including authentication and authorization information and data security services may change during the course of the LDAP session or even during the performance of a particular operation.
For instance, credentials could expire, authorization identities or access controls could change, or the underlying security layer s could be replaced or terminated. Implementations should be robust in the handling of changing security factors. In some cases, it may be appropriate to continue the operation even in light of security factor changes. For instance, it may be appropriate to continue an Abandon operation regardless of the change, or to continue an operation when the change upgraded or maintained the security factor.
In other cases, it may be appropriate to fail or alter the processing of the operation. For instance, if confidential protections were removed, it would be appropriate either to fail a request to return sensitive data or, minimally, to exclude the return of sensitive data. Implementations that cache attributes and entries obtained via LDAP MUST ensure that access controls are maintained if that information is to be provided to multiple clients, since servers may have access control policies that prevent the return of entries or attributes in Search results except to particular authenticated clients.
For example, caches could serve result information only to the client whose request caused it to be in the cache. Servers may return referrals or search result references that redirect clients to other servers. It is possible for a rogue application to inject such referrals into the data stream in an attempt to redirect a client to a rogue server. Clients are advised to be aware of this and possibly reject referrals when confidentiality measures are not in place. Clients are advised to reject referrals from the StartTLS operation. The matchedDN and diagnosticMessage fields, as well as some resultCode values (e.g., attributeOrValueExists and entryAlreadyExists), could disclose the presence of specific data in the directory. Server implementations should restrict access to protected information equally under both normal and error conditions.
Protocol peers MUST be prepared to handle invalid and arbitrary-length protocol encodings. In the event that a protocol peer senses an attack that in its nature could cause damage due to further communication at any layer in the LDAP session, the protocol peer should abruptly terminate the LDAP session as described in Section 5.
It is also noted that one resultCode value, strongAuthRequired, has been renamed to strongerAuthRequired.
Client implementations SHALL treat any result code that they do not recognize as an unknown error condition. The descriptions provided here do not fully account for result code substitutions used to prevent unauthorized disclosures such as substitution of noSuchObject for insufficientAccessRights, or invalidCredentials for insufficientAccessRights.
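The substitution rule above (noSuchObject in place of insufficientAccessRights, invalidCredentials for a Bind the requester may not perform) applied on the server side, as an added example that is not code from the RFC: Directory, naive_read, read and bind are assumed names over a constructed toy DIT. naive_read shows the disclosing behaviour for contrast; read and bind give the same answer whether the target is absent or merely hidden, and matchedDN never names an ancestor the requester is not allowed to see.

```python
import hmac

SUCCESS, NO_SUCH_OBJECT, INVALID_CREDENTIALS, INSUFFICIENT_ACCESS_RIGHTS = 0, 32, 49, 50


def parent_dn(dn):
    """Strip the leftmost RDN (naive split: assumes no escaped commas)."""
    return dn.split(",", 1)[1] if "," in dn else ""


class Directory:
    """Toy DIT: dn -> {"password": str or None, "visible_to": set, "may_bind": bool}."""

    def __init__(self, entries):
        self.entries = entries

    def visible(self, ident, dn):
        e = self.entries.get(dn)
        return e is not None and (ident in e["visible_to"] or "*" in e["visible_to"])

    def naive_read(self, ident, dn):
        """Disclosing version: 'absent' and 'hidden' get different codes, and
        matchedDN reports the deepest existing ancestor even if ident may not
        see it. Together they are an existence oracle for the whole subtree."""
        if dn not in self.entries:
            anc = parent_dn(dn)
            while anc and anc not in self.entries:
                anc = parent_dn(anc)
            return (NO_SUCH_OBJECT, anc)
        if not self.visible(ident, dn):
            return (INSUFFICIENT_ACCESS_RIGHTS, dn)
        return (SUCCESS, dn)

    def read(self, ident, dn):
        """Hardened: an entry ident may not see is reported exactly like one
        that does not exist, and matchedDN stops at the last visible ancestor."""
        if self.visible(ident, dn):
            return (SUCCESS, dn)
        anc = parent_dn(dn)
        while anc and not self.visible(ident, anc):
            anc = parent_dn(anc)
        return (NO_SUCH_OBJECT, anc)

    def bind(self, dn, password):
        """Unknown DN, wrong password and 'exists but may not bind' all yield
        invalidCredentials; the comparison runs on every path so the code
        path itself does not reveal which case applied."""
        e = self.entries.get(dn)
        stored = e["password"] if e and e.get("password") is not None else ""
        ok = hmac.compare_digest(stored.encode(), password.encode())
        if e is None or not e.get("may_bind", True) or not ok:
            return INVALID_CREDENTIALS
        return SUCCESS


# Constructed sample directory: ou=hr and everything under it is hidden from
# anonymous clients; cn=svc exists and is readable but may not bind.
ADMIN = "cn=admin,dc=example"
DIT = Directory({
    "dc=example": {"password": None, "visible_to": {"*"}},
    "ou=people,dc=example": {"password": None, "visible_to": {"*"}},
    "ou=hr,dc=example": {"password": None, "visible_to": {ADMIN}},
    "cn=alice,ou=hr,dc=example": {"password": "hunter2",
                                  "visible_to": {ADMIN, "cn=alice,ou=hr,dc=example"}},
    "cn=svc,ou=people,dc=example": {"password": "s3cret", "visible_to": {"*"},
                                    "may_bind": False},
})
```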
Non-Error Result Codes

These result codes (called "non-error" result codes) do not indicate an error condition: success (0), compareFalse (5), compareTrue (6), referral (10), and saslBindInProgress (14). The success, compareTrue, and compareFalse result codes indicate successful completion and, hence, are referred to as "successful" result codes.
The referral and saslBindInProgress result codes indicate the client needs to take additional action to complete the operation. Note: the success code is not used with the Compare operation; see compareFalse (5) and compareTrue (6). For the Bind operation only, the protocolError code is also used to indicate that the server does not support the requested protocol version. For Extended operations only, it is also used to indicate that the server does not support (by design or configuration) the Extended operation associated with the requestName. For request operations specifying multiple controls, it may be used to indicate that the server cannot ignore the order of the controls as specified, or that the combination of the specified controls is invalid or unspecified. When used with the Notice of Disconnection operation, the strongerAuthRequired code indicates that the server has detected that an established security association between the client and server has unexpectedly failed or been compromised. The aliasProblem code may be used, for example, to indicate that an alias has been dereferenced that names no object. The aliasDereferencingProblem code typically indicates that an alias was encountered in a situation where it was not allowed or where access was denied. The objectClassModsProhibited code is returned, for example, when a client attempts to modify the structural object class of an entry.
Changes

This appendix is non-normative. Since the previous revision of this specification was published, mandatory LDAP authentication mechanisms have been standardized which are sufficient to remove this note. See the companion specification of authentication methods. Instead, sufficient language was added so that this document can stand on its own. This change affected various ASN.1 definitions. This statement provided no interoperability advantages. Section 4. The previous revision accidentally imposed synchronous server behavior in its wording of this. There are numerous interoperability problems associated with this method of alternate attribute type encoding. Work to specify a suitable replacement is ongoing. The statement was ambiguous and provided no instructions on how to carry it out.
These did nothing for interoperability. There was confusion in the original wording which led some to believe that recognized controls may not be ignored as long as they were associated with a proper request.
This was added for consistency with other operations and to help ensure data consistency. This was to help ensure interoperability of passwords being sent from different clients. LDAP should not require any special handling. This is needed to ensure proper sequencing of the Bind in relationship to other operations.
This was previously prohibited. Now servers are instructed to ignore subsequent names when they are duplicated. This was relaxed in order to allow different short names and also OIDs to be requested for an attribute. It used to evaluate to FALSE, which caused behavior inconsistent with what most would expect, especially when the 'not' operator was used. Also, added imperatives stating that 'initial' if present must be listed first, and 'final' if present must be listed last.
There was question as to whether derefInSearching applied to the base object in a wholeSubtree Search. Some readers were under the impression that any temporary schema violation was allowed.
Previously, Add required that the distinguished values be present in the listed attributes. Instead, generic wording was added, requiring the added entry to adhere to the data model. This is covered in the data model document. There was confusion that led people to believe that an Undefined match resulted in compareFalse. Section 5. It is not used. Readers should consult the companion documents for summaries of changes to other sections.
Section 2. Some result codes are required in certain scenarios, but any other may be returned if appropriate. There are circumstances where this is impossible, and requiring this is at odds with language in Section 4.
In general, semantics were preserved. Supporting and background language seen as redundant due to its presence in this document was omitted. This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

IMAP was designed by Mark Crispin in 1986 as a remote access mailbox protocol, in contrast to the widely used POP, a protocol for simply retrieving the contents of a mailbox. The user retrieves the messages with an e-mail client that uses one of a number of e-mail retrieval protocols. The POP protocol requires the currently connected client to be the only client connected to the mailbox. In contrast, the IMAP protocol specifically allows simultaneous access by multiple clients and provides mechanisms for clients to detect changes made to the mailbox by other, concurrently connected, clients. Examples include different clients working on behalf of the same user, and multiple users accessing shared mailboxes. Much of this complexity (e.g., multiple clients accessing the same mailbox at the same time) is compensated for by server-side workarounds such as Maildir or database backends. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. An IMAP server typically listens on TCP port 143. System flags indicate state information such as whether a message has been read. Extensions specify a method to synchronise a client with a server after the client has been offline for some time. In addition to this, Courier Mail Server offers a non-standard method of sending using IMAP by copying an outgoing message to a dedicated outbox folder.

Yet another axis of data: this needs to be merged with keywords and regularised. Language negotiation definitely needs to be part of the initial connection. Not having IMAP sequence numbers would render many of these issues moot. The hierarchy separator will either be forced or not exist (a tree data structure on the wire). This will need to be addressed in individual sections.