[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
LDAP BIND follows referrals (or not)
Hello all,
It has come up again within our organization whether or not LDAP servers that implement the LDAP BIND operation should follow referrals during processing of this operation.
Given entries:
dn: cn=Tim, ou=development, o=ibm
objectclass: alias
aliasedobjectname: cn=Tim Hahn, dc=us, dc=ibm, dc=com
cn: Tim
dn: cn=Tim Hahn, dc=us, dc=ibm, dc=com
objectclass: person
cn: Tim Hahn
sn: Hahn
userpassword: xxxx
Should a BIND operation with parameters:
TYPE: SIMPLE
DN: cn=Tim, ou=development, o=ibm
PW: xxxx
follow the referral and use the "cn=Tim Hahn, dc=us, dc=ibm, dc=com" entry?
I believe the concensus on the list when this was last discussed was that the server SHOULD NOT follow the alias when processing the BIND operation. Further, section 4.2 of draft-ietf-ldapbis-protocol-02.txt draft also reflects this.
This note is just to point this out and ensure that the current specification in draft-ietf-ldapbis-protocol-02.txt is what we (through concensus) agree on.
Thanks in advance,
Tim Hahn
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388 tie-line: 8/852.6388
fax: 607.752.3681