
Re: Status of LDIF and Changelog?



Hi,

David Chadwick wrote:
> 
> Date forwarded:         Fri, 13 Nov 1998 10:48:04 -0800 (PST)
> Date sent:              Fri, 13 Nov 1998 10:47:11 -0800
> From:                   Sanjay.Jain@software.com (Sanjay Jain)
> Organization:           Software.Com
> To:                     Gordon Good <ggood@netscape.com>
> Copies to:              Pete Lynch <pete@jyra.com>,
>         "Griffith, Adrian, CON, OASD\(HA\)/TMA"
> <Adrian.Griffith@tma.osd.mil>,
>         Helmut Volpers <Helmut.Volpers@mch.sni.de>,
>         "'Russel F. Weiser'" <rweiser@digsigtrust.com>,
>         Richardson K <k.richardson@MAN05T1.wins.icl.co.uk>,
>         ietf-ldapext@netscape.com
> Subject:                Re: Status of LDIF and Changelog?
> Forwarded by:           ietf-ldapext@netscape.com
> 
> >
> >
> > Gordon Good wrote:
> >
> > > - The changelog draft, in my opinion, should become an informational
> > > RFC. The LDUP group is not planning to use LDAP-accessible changelogs in
> > > its multi-master replication work.
> > >
> > > How does this sound?  Are there any serious objections to these plans?
> >
> >  I would prefer that changelog draft is moved forward as a proposed
> >  standard.  It provides a simple consumer-initiated replication mechanism
> >  at least till the time we have real LDAP replication standards. I think,
> >  today there is a need to replicate across multi-vendor directory servers
> >  and without such a standard in place, it is not possible to achieve that.
> >
> 
> I would prefer both it and the LDIF texts to be informational RFCs (although I
> accept that LDIF is widely used) until access controls are sorted out. Since
> there is no way of storing access control information in a multi-vendor way,
> changelog and LDIF can only really work in a multi-vendor environment for
> either public information (with no attached ACI) or single vendor environments
> with proprietary ACI.

That's not totally true. You can do a lot of synchronisation from and to
LDAP or X.500 directories, Exchange, Lotus Notes, databases, etc. without
having a common access control but having a common LDIF format. Also, in
future (when access control is defined) you will have a lot of LDIF files
without it.
I have set up a prescriptive Access Control in an X.500 DSA and upload
data over LDAP, where I can live in most cases without any ACL policies
in the LDIF file. And if somebody (e.g. another X.500 implementation)
wants an Access Control policy, I can give it in LDIF as a binary
Attribute-value.

> For this reason I don't think the IESG will allow it to move
> forward as a standard until access controls are standardised (unless there is
> a BIG warning notice on the front stating its limitations, as with the LDAPv3 text).
> I could be wrong, but when I talk to people about LDIF they seem to be
> blissfully unaware of its limitations.

There are a lot of limitations, but at least it should be possible to
store in LDIF whatever you want. (Perhaps not everybody understands
everything, but that is okay.)


Helmut
> 
> David
> 
> ***************************************************
> 
> David Chadwick
> IT Institute, University of Salford, Salford M5 4WT
> Tel +44 161 295 5351  Fax +44 161 745 8169
> Mobile +44 370 957 287
> Email D.W.Chadwick@iti.salford.ac.uk
> Home Page  http://www.salford.ac.uk/its024/chadwick.htm
> Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
> X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
> 
> ***************************************************