Alan,
I did not read so deeply into Kurt's proposal. But from
what I understood, since the DNS SRV records were used for advertising LDAP
servers, one could easily leverage it for gluing directories. Not to mention the
fact that this will not be the ONLY approach that will ever exist. If the LDAP
server provides the smarts for doing so I think clients would be pleased to get
better referrals. Don't you?

I do agree with your views, and I think I get it correct, that
with the DNS SRV approach, proper "service" oriented advertisement is not yet
defined. I would like a better mechanism wherein services hosted by LDAP servers
are properly defined so that service vendors could use a proper advertising
template and provide the relevant information and I as a service
consumer could look up the "NET" and with some good and smart query tool exactly
locate the service vendor who would be ready to service my requirements within
the resource limits I specify. This is analogous to the web approach taken
today. I am thinking, dreaming and haven't had any formal or informal
discussions with anybody on this yet. I was planning on sending an email to Bob
Morgan/Paul Leach to run this idea by them and see what they think about it. This
email actually brought me into the mood of writing this down and emailing it
to everybody. Give me your thoughts on this.
SG

>>> "Lloyd, Alan" <Alan.Lloyd@ca.com> 05/14/00 08:47PM >>>

Is anyone concerned that "gluing directories with LDAP" is only providing a
system which is slow, has lots of overheads, is more complex than X.500 and
will only deal with publicly accessible attributes for non authenticated
users? - i.e. one cannot put a consistent, distributed authentication and access
control regime over this AND one cannot do predictable (response time)
distributed searches that are controlled/protected by the server at the client
access point - or provide "service" based correlation of the responses
according to User profiles or domain access control settings.

To me this is definitely not what "large scale" directory users want...an
unprotected, uncoordinated, non deterministic "information" infrastructure

Sorry - Just my views

regards alan

-----Original Message-----
From: Kurt D. Zeilenga
Sent: Saturday, May 13, 2000 6:10 AM
To: ietf-ldapext@netscape.com
Subject: gluing directories with draft-ietf-ldapext-locate-02.txt

The intro to this draft states this may be used by clients
(or servers acting as clients). I'd like to add that it
may also be used by servers acting as servers to generate
appropriate referrals to requests not held by the server.

That is, if a client requests a DN not held by a server, that
server could use DNS SRV to produce a suitable referral to
the client.

I have an example of such a server operating (experimentally)
at ldap://root.openldap.org. It will generate LDAPv3 (and
LDAPv2+) referrals using a method similar to that described
in the I-D.

Enjoy!
Kurt

    // pseudo code: real code is available from OpenLDAP public
    // source repository. http://www.openldap.org/software/repo.html

    domain=NULL
    foreach( rdn of dn ) // left to right
    {
        if multiple value rdn {
            domain=NULL;
            continue;
        }
        if rdn attribute type == "dc" {
            if( domain != NULL ) {
                domain = concat( domain, "." );
            }
            domain = concat( domain, rdn value );
            continue;
        }
        domain=NULL;
    }
    if( domain != NULL ) {
        if( DNSSRV( domain ) ) {
            return referral;
        }
    }
    return noSuchObject;
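
The DN-to-domain mapping in the quoted pseudocode, written out in Python as an added example; it is not part of the thread and is not OpenLDAP's code. Assumptions: the `_ldap._tcp.` SRV owner name, the rule that a `dc` value must be a valid DNS label (a check added here so DN content cannot put arbitrary text into a DNS query), deterministic lowest-priority/highest-weight selection, and the constructed `SAMPLE_SRV` table standing in for a real resolver.

```python
import re
from urllib.parse import quote

# Added check (not in the pseudocode): a dc value must be one valid DNS label.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def split_unescaped(s, sep):
    """Split s on sep, honouring backslash escapes (simplified RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    return parts + [cur]

def dn_to_domain(dn):
    """Return the domain named by the trailing run of dc= RDNs, or None."""
    domain = None
    for rdn in split_unescaped(dn, ","):        # left to right
        if len(split_unescaped(rdn, "+")) > 1:  # multi-valued RDN resets
            domain = None
            continue
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc" and LABEL.match(value.strip()):
            value = value.strip()
            domain = value if domain is None else domain + "." + value
        else:                                   # any other RDN resets
            domain = None
    return domain

def referral_for(dn, srv_lookup):
    """srv_lookup(name) returns (priority, weight, port, target) tuples."""
    domain = dn_to_domain(dn)
    records = srv_lookup("_ldap._tcp." + domain) if domain else None
    if not records:
        return "noSuchObject"
    # Simplification: lowest priority, then highest weight, no randomisation.
    _, _, port, target = min(records, key=lambda r: (r[0], -r[1]))
    return "ldap://%s:%d/%s" % (target.rstrip("."), port, quote(dn, safe="=,+"))

# Constructed sample data, not real DNS records.
SAMPLE_SRV = {"_ldap._tcp.example.com": [(10, 0, 389, "ldap2.example.com."),
                                         (0, 5, 389, "ldap1.example.com.")]}
```

Only an unbroken run of single-valued `dc` RDNs at the right-hand end of the DN yields a domain; the referral is built entirely from SRV answers, so it is only as trustworthy as the DNS data behind `srv_lookup`.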