RE: Beginning taxonomy for finding LDAP servers.
Yes - but referrals are not viable if the client has to authenticate by
name/password, etc. into the "referred to" servers. Unless the user has
been preconfigured first.
regards alan
> -----Original Message-----
> From: Roland Hedberg
> Sent: Saturday, May 08, 1999 7:01 AM
> To: Ryan Moats; ietf-ldapext@netscape.com
> Subject: Re: Beginning taxonomy for finding LDAP servers.
>
> At 14:21 1999-05-06 -0500, Ryan Moats wrote:
>
> >Method: Client configuration
> >
> >In this case, the client administrator configures it with a list of known
> >LDAP servers to send queries to. This list will be right (initially), but
> >modification to the list requires client updates and doesn't scale real well.
>
> I agree, it doesn't scale. Therefore this only works if there are
> a limited number of known LDAP servers that a client has to be
> configured with in order to be able to find the rest
> (or at least the majority).
>
> Here in Norway, if everything works out as planned, we are going to
> put up a service which is going to contain basic information about
> every organization in Norway and if any of these organizations wants
> to publish more information about themselves, through a publicly
> available LDAP server, a referral to that server will be stored in the
> central server/-s. Hence, potentially, you would only have to know about
> one or two LDAP servers, the second being the backup, in Norway in order
> to find every publicly available LDAP server in Norway.
>
> Worth noting is that we don't have to put any constraints on the
> DNs of the connected LDAP servers. Even though we are going to
> mandate the usage of one of:
>
> - the classical o=foo, c=no
> - the dc-naming dc=foo,dc=<TLD>
> - the guaranteed unique uniqueIdentifier=<organizationNumber>,c=NO
>
> And, we only deal with public information, hence no problems with
> access control.
>
> -- Roland
>
>
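The point raised in this thread, that a client can follow referrals to public servers anonymously but can only authenticate to a referred-to server it was preconfigured for, sketched as an added Python example (not code from the thread or its authors). The host names, the bind DN and the plan_referral helper are hypothetical.

```python
from typing import NamedTuple, Optional
from urllib.parse import urlsplit, unquote

# Constructed sample: servers the client was preconfigured with an identity for.
# Host name and bind DN are hypothetical; the password would sit in a secret store.
PRECONFIGURED_BIND_DN = {
    "ldap.central.example": "cn=client1,o=central,c=no",
}


class BindPlan(NamedTuple):
    host: str
    port: int
    base_dn: str
    bind_dn: Optional[str]  # None means anonymous bind


def plan_referral(referral_url: str,
                  preconfigured=PRECONFIGURED_BIND_DN) -> BindPlan:
    """Decide how to contact the server named in an LDAP referral URL.

    The identity used on the referring server is never carried over: a
    referred-to server gets an authenticated bind only if the client was
    preconfigured for that exact host, otherwise an anonymous bind.
    """
    parts = urlsplit(referral_url)
    # Refuse anything that is not an LDAP URL naming an explicit host.
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"refusing referral: {referral_url!r}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    # The DN is the URL path; attributes, scope and filter follow a '?'.
    base_dn = unquote(parts.path.lstrip("/"))
    # urlsplit lowercases the host, so the lookup is case-insensitive.
    return BindPlan(parts.hostname, port, base_dn,
                    preconfigured.get(parts.hostname))


if __name__ == "__main__":
    for url in ("ldap://dir.foo.example/o=foo,c=no",
                "ldap://ldap.central.example/c=no"):
        print(plan_referral(url))
```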