
RE: Beginning taxonomy for finding LDAP servers.



David - yup just a note though on the CRLs bit is that - technically
they can be "published" - operationally though most organisations are
realising that monitoring CRL size and dynamics is not what they want to
publish to "anon" users simply because it indicates weaknesses and the
scale of such weaknesses.

So non distributed LDAP servers are good for public info only and you
still need a directory or directories and the people to manage that.
regards alan

> -----Original Message-----
> From:	David Chadwick 
> Sent:	Wednesday, May 12, 1999 5:12 AM
> To:	Ryan Moats; ietf-ldapext@netscape.com; Alan Lloyd
> Subject:	RE: Beginning taxonomy for finding LDAP servers.
> 
> Date forwarded: 	Sun, 9 May 1999 16:55:29 -0700 (PDT)
> From:           	Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
> To:             	"'d.w.chadwick@iti.salford.ac.uk'"
> <d.w.chadwick@iti.salford.ac.uk>,
>  	Ryan Moats <jayhawk@att.com>, ietf-ldapext@netscape.com
> Subject:        	RE: Beginning taxonomy for finding LDAP servers.
> Date sent:      	Mon, 10 May 1999 09:55:20 +1000
> Forwarded by:   	ietf-ldapext@netscape.com
> 
> > David - But what about distributed authentication and common access
> > control?
> > As this will only work as read only - public LDAP servers. It makes all
> > the security effort with LDAP wasted - as well. regards alan
> 
> You are correct that this will not work with password based
> authentication unless each user's password is replicated in each
> LDAP server - clearly not scalable or manageable. It will work
> though for public read only directories, or for private corporate
> directories that allow unauthenticated Binds to retrieve the public
> bits of their private directory. It will also work for public key
> authentication if directories allow unauthenticated access to retrieve
> CRLs, and users send their certificates on the Bind.
> 
> David
> 
> >
> ***************************************************
> 
> David Chadwick
> IT Institute, University of Salford, Salford M5 4WT
> Tel +44 161 295 5351  Fax +44 161 745 8169
> *NEW* Mobile +44 790 167 0359 *NEW*
> Email D.W.Chadwick@iti.salford.ac.uk
> Home Page  http://www.salford.ac.uk/its024/chadwick.htm
> Understanding X.500  http://www.salford.ac.uk/its024/X500.htm
> X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
> Entrust key validation string MLJ9-DU5T-HV8J
> 
> ***************************************************