[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: gluing directories with draft-ietf-ldapext-locate-02.txt

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, ietf-ldapext@netscape.com
Subject: RE: gluing directories with draft-ietf-ldapext-locate-02.txt
From: "Lloyd, Alan" <Alan.Lloyd@ca.com>
Date: Sun, 14 May 2000 22:38:19 -0400

Is anyone concerned that "gluing directories with LDAP" is only providing a
system which is slow, has lots of overheads, is more complex than X.500 and
will only deal with publically accessable attributes for non authenticated
users.
 - ie one cannot put a consistent ,distributed authentication and access
control regime over this AND one cannot do predictable (response time)
distributed searches that are controlled/protected by the server at the
client access point - or provide "service" based correlation of the
responses according to User profiles or domain access control settings.

To me this is definitely not what "large scale" directory users want...an
unprotected, uncoordinated, non deterministic "information" infrastructure

Sorry - Just my views

regards alan


	-----Original Message-----
	From:	Kurt D. Zeilenga 
	Sent:	Saturday, May 13, 2000 6:10 AM
	To:	ietf-ldapext@netscape.com
	Subject:	gluing directories with
draft-ietf-ldapext-locate-02.txt

	The intro to this draft states this may be used by clients
	(or servers acting as clients).  I'd like to add that it
	may also be used by servers acting as servers to generate
	appropriate referrals to requests not held by the server.
	That is, if a client requests a DN not held by a server,
	that server could use DNS SRV to produce a suitable
	referral to the client.

	I have an example of such a server operating (experimentally)
	at ldap://root.openldap.org.  It will generate LDAPv3 (and
	LDAPv2+) referrals using the method similar to that described
	in the I-D.

	Enjoy!
		Kurt

	// pseudo code: real code is available from OpenLDAP public
	// source repository.  http://www.openldap.org/software/repo.html
	domain=NULL
	foreach( rdn of dn ) // left to right
	{
		if multiple value rdn {
			domain=NULL;
			continue;
		}
		if rdn attribute type == "dc" {
			if( domain != NULL ) {
				domain = concat( domain, "." );
			}
			domain = concat( domain, rdn value );
			continue;
		}
		domain=NULL;
	}

	if( domain != NULL ) {
		if( DNSSRV( domain ) ) {
			return referral;
		}
	}
	return noSuchObject;

Follow-Ups:
- RE: gluing directories with draft-ietf-ldapext-locate-02.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: vendor name - draft-ietf-ldapext-ldap-c-api-04.txt
Next by Date: RE: gluing directories with draft-ietf-ldapext-locate-02.txt
Index(es):
- Chronological
- Thread