
RE: draft-ietf-ldapext-locate-01.txt - Discovering LDAP Services with DNS

> -----Original Message-----
> From: Paul Leach [mailto:paulle@Exchange.Microsoft.com]
> Sent: Tuesday, January 18, 2000 10:30 PM
> To: Benedict, James [CAR:5N41:EXCH]; RL 'Bob' Morgan; Bruce Greenblatt
> Cc: ietf-ldapext@netscape.com
> Subject: RE: draft-ietf-ldapext-locate-01.txt - Discovering LDAP
> Services with DNS
>
...
> > What this solution requires is some sort of agreement around two
> > assumptions:
> > 1)  That "Internet" LDAP DNs are arranged by domain component, and
>
> No, it does not depend on any such agreement.

> It _allows_some_ people to

These words make me cringe when I hear them.  Anything that is designed
to "allow some" people to do something implies that "other" people will
be doing something else.  This doesn't speak well for convergence of
directory applications.

Having said that:  I understand, and accept, the fact that LDAP
directories will always be "slightly" different, and will likely
require a multitude of service discovery methods.

I'm not sure I see this approach as being useful on the "Internet" as
much as in an "Intranet".  If I use a dc-structure, it is more likely
to reflect my internal domain structure, unless my directory is real
small.  It does raise the question of whether I would *actually* expose
that directory tree to the Internet or not...

I guess my real problem with this particular method is the fact that
the client never really has any confidence until it queries DNS.

I would suggest an addendum to the draft that "recommends" that "Internet"
directories arranged with a dc-tree provide some sort of LDAP service
that can be resolved at some point by walking up the tree.  e.g.

cn=James Benedict, ou=sales, dc=us, dc=nortelnetworks, dc=com

Maybe I don't want to make _ldap._tcp.us.nortelnetworks.com and
_ldap._tcp.uk.nortelnetworks.com, etc. visible to the Internet, but
_ldap._tcp.nortelnetworks.com wouldn't be too bad. It would have for
us a while ago when we went from nt.com to nortelnetworks.com externally
first, then internally.  But that could be solved with an alias.

--james
James A Benedict
Advisor, IP Directory Systems Architecture
Carrier Packet Solutions
NORTEL NETWORKS
Ph:  (613) 763-3909
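The walk-up described in the post above, as an added example that is neither the draft's nor the poster's code: the trailing dc= components of a DN are mapped to a DNS domain, `_ldap._tcp.` SRV owner names are generated from most specific to least specific, and the lookup stops once a name would have fewer than `min_labels` labels (an assumption of this example, so the client never asks for `_ldap._tcp.com`). DNS is stood in for by a constructed table, `FAKE_SRV`, in which only the apex publishes a record, as the post suggests.

```python
"""Locate an LDAP service for a dc-rooted DN by walking up the dc tree."""
import re

# Constructed SRV data standing in for DNS: only the apex name publishes
# a record; the per-country sub-domains are kept internal.
FAKE_SRV = {
    "_ldap._tcp.nortelnetworks.com": [(0, 100, 389, "ldap.nortelnetworks.com")],
}


def dc_domain(dn):
    """Return the DNS domain implied by the trailing dc= RDNs of a DN.
    Attribute types compare case-insensitively; RDNs before the dc run
    (cn=..., ou=...) are ignored.  Escaped commas inside values are kept."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    labels = []
    for rdn in reversed(rdns):            # walk from the root downwards
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break                          # first non-dc RDN ends the run
        labels.append(value.strip())
    if not labels:
        raise ValueError("DN has no dc= components: " + dn)
    return ".".join(reversed(labels))


def candidate_names(dn, min_labels=2):
    """SRV owner names to try, most specific first.  The walk stops before
    a name with fewer than min_labels labels (assumed floor, so a TLD such
    as _ldap._tcp.com is never queried)."""
    labels = dc_domain(dn).split(".")
    names = []
    while len(labels) >= min_labels:
        names.append("_ldap._tcp." + ".".join(labels))
        labels = labels[1:]                # drop the leftmost label
    return names


def locate(dn, srv_table=FAKE_SRV):
    """Return (queried_name, records) for the first candidate that has an
    SRV answer, records ordered by priority; (None, []) if none answers."""
    for name in candidate_names(dn):
        records = srv_table.get(name)
        if records:
            return name, sorted(records, key=lambda r: r[0])
    return None, []


if __name__ == "__main__":
    print(locate("cn=James Benedict, ou=sales, dc=us, dc=nortelnetworks, dc=com"))
```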