[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: LDAP BIND follows referrals (or not)
I
think you are right. We came to the conclusion that the Server should not
dereference aliases during a bind operation.
Additional the server should not follow referrals during a bind
operation.
Helmut
Hello all,
It has come up
again within our organization whether or not LDAP servers that implement the
LDAP BIND operation should follow referrals during processing of this
operation.
Given entries:
dn: cn=Tim, ou=development, o=ibm
objectclass: alias
aliasedobjectname: cn=Tim Hahn, dc=us, dc=ibm,
dc=com
cn: Tim
dn: cn=Tim Hahn, dc=us, dc=ibm, dc=com
objectclass: person
cn: Tim Hahn
sn: Hahn
userpassword: xxxx
Should a BIND operation with parameters:
TYPE: SIMPLE
DN: cn=Tim, ou=development, o=ibm
PW: xxxx
follow the referral and use the "cn=Tim Hahn, dc=us, dc=ibm, dc=com"
entry?
I believe the concensus on
the list when this was last discussed was that the server SHOULD NOT follow
the alias when processing the BIND operation. Further, section 4.2 of
draft-ietf-ldapbis-protocol-02.txt draft also reflects this.
This note is just to point this out and
ensure that the current specification in draft-ietf-ldapbis-protocol-02.txt is
what we (through concensus) agree on.
Thanks in advance,
Tim Hahn
Internet:
hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or
IBMUSM00(HAHNT)
phone: 607.752.6388 tie-line:
8/852.6388
fax: 607.752.3681