[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ADSI and RFC 2251
A requirement placed on our directory by a customer is support of
Microsoft's Active Directory Scripting Interface.
I haven't seen it discussed on this list, but the Bind that our
directory receives via ADSI has a tag [9] where AuthenticationChoice
would be expected. In other words, ADSI seems to think
AuthenticationChoice is:
AuthenticationChoice::= CHOICE {
simple [0] OCTET STRING,
sasl [3] SaslCredentials,
??adsi?? [9] ??OCTET STRING?? }
(I don't know what the type is because the field is empty.)
This is a BIG step and it is not covered by the extensibility rules.
Just a few matters:
A. Does anyone have any background on this MS 'special'?
B. Is there an I-D extending RFC 2251?
C. (unrelated) Apparently RFC 2251 will be updated. Will this be done
through I-Ds and the list or can the authors just go ahead and make the
changes.
D. Is there an intention here that we will have LDAPv3 and MS-LDAP?
It wouldn't be such a big deal if it wasn't that some popular
directories support this 'extension' by responding with a positive
BindResponse. (Though, this appears to be all you can do. If you respond
with ExtendedResponse:Protocol Error, ADSI plays dead - it seems to
expect a BindResponse only.)