
ADSI and RFC 2251



A requirement placed on our directory by a customer is support of
Microsoft's Active Directory Scripting Interface.

I haven't seen it discussed on this list, but the Bind that our
directory receives via ADSI has a tag [9] where AuthenticationChoice
would be expected. In other words, ADSI seems to think
AuthenticationChoice is:

AuthenticationChoice ::= CHOICE {
    simple [0] OCTET STRING,
    sasl [3] SaslCredentials,
    ??adsi?? [9] ??OCTET STRING?? }

(I don't know what the type is because the field is empty.)

This is a BIG step and it is not covered by the extensibility rules.

Just a few matters:

A. Does anyone have any background on this MS 'special'?

B. Is there an I-D extending RFC 2251?

C. (unrelated) Apparently RFC 2251 will be updated. Will this be done
through I-Ds and the list or can the authors just go ahead and make the
changes?

D. Is there an intention here that we will have LDAPv3 and MS-LDAP?

It wouldn't be such a big deal if it wasn't that some popular
directories support this 'extension' by responding with a positive
BindResponse. (Though, this appears to be all you can do. If you respond
with ExtendedResponse:Protocol Error, ADSI plays dead - it seems to
expect a BindResponse only.)
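
The check described in the message above, as an added example that is not part of the original post or of any directory product: a minimal BER decoder that reports which AuthenticationChoice tag a BindRequest carries, so a server can log anything other than simple [0] or sasl [3]. The function names are hypothetical, the sample messages are constructed, and encoding tag [9] as a primitive context tag (0x89) with empty content is an assumption based on the post's description.

```python
# Added example: which AuthenticationChoice alternative does a BindRequest carry?
KNOWN_CHOICES = {0: "simple", 3: "sasl"}  # the alternatives RFC 2251 defines

# Constructed sample messages (messageID 1, version 3, empty name).
SAMPLE_SIMPLE = bytes.fromhex("300c020101600702010304008000")  # simple [0], empty
# Assumption: tag [9] as a primitive context tag (0x89) with empty content.
SAMPLE_TAG9 = bytes.fromhex("300c020101600702010304008900")

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag_byte, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if length == 0x80:
        raise ValueError("indefinite length is not permitted in LDAP")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, what):
    """Read a TLV and insist on its tag byte; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")
    return value, nxt

def classify_bind(message):
    """Return (choice_name, tag_number, value) for a BindRequest LDAPMessage."""
    body, _ = expect(message, 0, 0x30, "LDAPMessage SEQUENCE")
    _, pos = expect(body, 0, 0x02, "messageID INTEGER")
    bind, _ = expect(body, pos, 0x60, "BindRequest [APPLICATION 0]")
    _, pos = expect(bind, 0, 0x02, "version INTEGER")
    _, pos = expect(bind, pos, 0x04, "name OCTET STRING")
    tag, value, _ = read_tlv(bind, pos)
    if tag & 0xC0 != 0x80:
        raise ValueError("authentication is not context-tagged")
    number = tag & 0x1F
    return KNOWN_CHOICES.get(number, "unrecognized"), number, value
```

Calling classify_bind(SAMPLE_TAG9) returns the "unrecognized" label together with tag number 9 and an empty value, which is the case the post describes.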