
LDAP Knowledge draft



 
David, I am on the road in Europe still and I caught the draft re LDAP
knowledge, etc.

As most of those now working with LDAP and the LDAP (non X.500) servers
now realise.

Having knowledge of LDAP servers for referrals, etc. is absolutely
pointless if one wants to build a distributed authenticated system (as
provided by X.500). For a referral and knowledge issue to work in LDAP
servers - with user authentication, one has to replicate everything to
everywhere beforehand to make it work. Therefore knowledge of other
servers and referrals to servers with that knowledge becomes pointless.


If one is using X.500 in a distributed sense then the referral issue is
dealt with as referrals being required for offline DSAs or
re-authentication requirements.

The point is.. why is there effort reinventing in LDAP, mechanisms
that cause compatibility problems with X.500 systems or will not have a
purpose when used with non distributed LDAP servers ..


IE. Why is there effort to put more system mechanisms into LDAP when
LDAP is not a real system unless it accesses X.500 - which has these
mechanisms already defined?

And if these mechanisms are applied to LDAP servers they cannot/won't be
used because (replicate everything to everywhere) and if applied in
clients, they won't be used either as the server they access will have
all its info in - by definition.


Perhaps the draft should mention in the security section ..
This mechanism is only applied in read only, non authenticated systems

regards alan