
RE: draft-ietf-ldapext-locate-01.txt - Discovering LDAP Services with DNS




> -----Original Message-----
> From: Bruce Greenblatt [mailto:bgreenblatt@directory-applications.com]
> Sent: Monday, January 17, 2000 4:36 PM
> To: ietf-ldapext@netscape.com
> Subject: Re: draft-ietf-ldapext-locate-01.txt - Discovering LDAP
> Services with DNS
> 
> 
> I don't understand (or necessarily agree with) the first two paragraphs of
> this draft.  What difference does it make to this mechanism what a "native"
> LDAP server is?

We needed a word to describe servers whose NCs have DNs that start with a
series of "DC=" components. Ones that don't have such names for their NCs
are using the X.500 naming model with LDAP front ends -- those are
"X.500-ish" LDAP servers.

>  If this mechanism doesn't work for non-native LDAP
> servers, shouldn't the draft explain why this is the case?

Of course it doesn't work -- what DNS name corresponds to "O=Example,C=US"?
The mechanism depends on the DN starting with a series of DC= components;
i.e., that they be "native".
  
> I'd just drop
> this whole notion from the draft.
> 
> Can this same mechanism be used to find an LDAP server from an email
> address? It seems like you should be able to find the appropriate SRV
> record from an email address just as easy as you can from a DN that
> conforms to the DC naming principles.

Sure, but only if the SRV records are registered. Nothing today existing
says they should be. I don't think finding an LDAP server from an email
address is particularly interesting by itself, only in association with a
larger task, such as perhaps finding a certificate for a user given their
email address, or (in general) their directory entry, in order to get their
telephone number or manager's name or whatever. I believe there was some
discussion about that sort of thing, even a draft.

Paul
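
The DN-to-DNS dependency discussed in this message, as an added example that is not part of the original post or of the draft's text. It assumes the usual string form of a DN (root end is the rightmost RDN) and the conventional SRV owner name `_ldap._tcp.<domain>`; the function names are hypothetical.

```python
import re

# Split on commas that are not backslash-escaped. Simplified: hex-encoded
# values and an escaped backslash directly before a comma are not handled.
_RDN_SPLIT = re.compile(r'(?<!\\),')
# Conservative DNS label check, applied because the value ends up in a query name.
_LABEL = re.compile(r'^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$')


def dn_to_domain(dn):
    """Return the DNS domain for a DC-named DN, or None if there is none.

    Assumption of this example: the naming context is "native" only if the
    RDNs at the root end of the DN are single-valued DC= components.
    """
    labels = []
    rdns = [r.strip() for r in _RDN_SPLIT.split(dn) if r.strip()]
    for rdn in reversed(rdns):                 # walk from the root end
        if '+' in rdn or '=' not in rdn:       # multi-valued or malformed RDN
            break                              # ends the run of DC components
        attr, value = (p.strip() for p in rdn.split('=', 1))
        if attr.lower() != 'dc':
            break                              # e.g. O=, C=, OU=, CN=
        if not _LABEL.match(value):
            return None                        # refuse rather than query a shortened name
        labels.insert(0, value.lower())
    return '.'.join(labels) if labels else None


def ldap_srv_name(dn):
    """Return the SRV owner name to look up for this DN, or None."""
    domain = dn_to_domain(dn)
    return f'_ldap._tcp.{domain}' if domain else None


if __name__ == '__main__':
    # Constructed sample DNs, including the X.500-style name from the message.
    for sample in ('DC=example,DC=com',
                   'CN=Paul,OU=People,DC=example,DC=com',
                   'O=Example,C=US',
                   'DC=example,O=Example,C=US'):
        print(f'{sample!r:45} -> {ldap_srv_name(sample)}')
```

A `None` result is the "non-native" case: the client has no DNS name to query and must fall back to configured servers.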