
LDAP BIND follows referrals (or not)




Hello all,

It has come up again within our organization whether or not LDAP servers that implement the LDAP BIND operation should follow referrals during processing of this operation.

Given entries:

dn: cn=Tim, ou=development, o=ibm
objectclass: alias
aliasedobjectname: cn=Tim Hahn, dc=us, dc=ibm, dc=com
cn: Tim

dn: cn=Tim Hahn, dc=us, dc=ibm, dc=com
objectclass: person
cn: Tim Hahn
sn: Hahn
userpassword: xxxx

Should a BIND operation with parameters:

TYPE: SIMPLE
DN: cn=Tim, ou=development, o=ibm
PW: xxxx

follow the referral and use the "cn=Tim Hahn, dc=us, dc=ibm, dc=com" entry?

I believe the consensus on the list when this was last discussed was that the server SHOULD NOT follow the alias when processing the BIND operation.  Further, section 4.2 of the draft-ietf-ldapbis-protocol-02.txt draft also reflects this.

This note is just to point this out and ensure that the current specification in draft-ietf-ldapbis-protocol-02.txt is what we (through consensus) agree on.

Thanks in advance,
Tim Hahn

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388     tie-line: 8/852.6388
fax: 607.752.3681
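
Added example, not part of the original message and not code from any LDAP server: a toy in-memory model of the two entries above, contrasting a simple bind that does not dereference aliases (the behavior the message attributes to section 4.2 of the draft) with one that does. The DN normalization, the function names and the deref_aliases flag are assumptions made for illustration.

```python
import hmac

# Constructed directory mirroring the two entries in the message.
DIRECTORY = {
    "cn=tim,ou=development,o=ibm": {
        "objectclass": ["alias"],
        "aliasedobjectname": ["cn=Tim Hahn, dc=us, dc=ibm, dc=com"],
        "cn": ["Tim"],
    },
    "cn=tim hahn,dc=us,dc=ibm,dc=com": {
        "objectclass": ["person"],
        "cn": ["Tim Hahn"],
        "sn": ["Hahn"],
        "userpassword": ["xxxx"],
    },
}

SUCCESS, INVALID_CREDENTIALS = 0, 49  # LDAP result codes

def norm_dn(dn):
    """Simplified DN matching (assumption): lowercase, trim around RDNs."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def is_alias(entry):
    return "alias" in (v.lower() for v in entry.get("objectclass", []))

def resolve(dn, deref, max_hops=8):
    """Return the entry named by dn; follow alias entries only if deref."""
    for _ in range(max_hops):  # bounded so an alias loop terminates
        entry = DIRECTORY.get(norm_dn(dn))
        if entry is None or not deref or not is_alias(entry):
            return entry
        dn = entry["aliasedobjectname"][0]
    return None

def simple_bind(dn, password, deref_aliases=False):
    """Simple bind against the toy directory; empty passwords are rejected."""
    entry = resolve(dn, deref_aliases)
    stored = entry.get("userpassword", []) if entry else []
    ok = any(hmac.compare_digest(password.encode(), p.encode()) for p in stored)
    return SUCCESS if password and ok else INVALID_CREDENTIALS

if __name__ == "__main__":
    alias_dn = "cn=Tim, ou=development, o=ibm"
    print("no deref:", simple_bind(alias_dn, "xxxx"))
    print("deref:   ", simple_bind(alias_dn, "xxxx", deref_aliases=True))
```

Without dereferencing, the alias entry holds no userpassword, so the bind is evaluated against the DN the client actually asserted and fails; with dereferencing, the same request authenticates as a different entry than the one named in the bind.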