
Re: alternate "dc" naming conventions



Michael Helm wrote:
> 
> Is there any reason to think this might not be a problem in
> other infrastructures anyway (e.g. the Active Directory-based
> W2K domain)?  Suppose a simpler example: one
> directory that manages authentication, with basename ou=users,
> dc=es,dc=net, & another that manages a phone book, basename
> ou=staff,dc=es,dc=net; these two are only loosely coordinated
> (or not).
> Sure, the clients of these servers could get confused.
> They would have to be smart enough to rotor thru the
> DNS SRV RR's they get back (unlikely).

No, the LDAP clients will have to follow referrals. Multiple SRV RRs
should always point to servers holding the same dc-style naming
context. If this naming context is partitioned, the server has to
direct the client to the right server by sending a referral.

One open question for me is whether a client is allowed to walk up
the DNS tree to search for SRV RRs.

E.g. when requesting dc=subdomain,dc=es,dc=net a client might try to
look up

_ldap._tcp.subdomain.es.net

and if that failed go ahead with looking up 

_ldap._tcp.es.net

although the client is still solely interested in getting
dc=subdomain,dc=es,dc=net.

Ciao, Michael.
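
The lookup order discussed in the message above, as an added example that is not part of the original post: it maps a dc-style DN to `_ldap._tcp` SRV names, walks up the DNS tree, and flags when the answer came from a parent domain, in which case the client has to expect a referral for the context it actually wants. The function names, the `min_labels` stop (so the walk never queries a bare top-level domain), and the sample zone with its host names are assumptions made for illustration.

```python
import re

def dn_to_domain_labels(dn):
    """Return the DNS labels from the trailing run of dc= RDNs of a DN."""
    # Split on unescaped commas; multi-valued RDNs (a+b) are not handled.
    rdns = [r.strip() for r in re.split(r'(?<!\\),', dn) if r.strip()]
    labels = []
    for rdn in reversed(rdns):            # walk from the root side
        attr, _, value = rdn.partition('=')
        if attr.strip().lower() != 'dc' or not value.strip():
            break                         # ou=users etc. end the domain part
        labels.insert(0, value.strip().lower())
    return labels

def srv_candidates(dn, min_labels=2):
    """SRV owner names to try, most specific first, walking up the DNS tree."""
    labels = dn_to_domain_labels(dn)
    # min_labels is an assumed safety stop: never ask for _ldap._tcp.<tld>.
    return ['_ldap._tcp.' + '.'.join(labels[i:])
            for i in range(len(labels))
            if len(labels) - i >= min_labels]

def locate(dn, resolve_srv):
    """Return (srv_name, targets, exact) for the first name with SRV records.

    resolve_srv is a caller-supplied function: name -> list of (host, port).
    exact is False when the answer came from a parent domain, so the server
    may hold only the parent context and must send a referral for dn.
    """
    for i, name in enumerate(srv_candidates(dn)):
        targets = resolve_srv(name)
        if targets:
            return name, targets, i == 0
    return None, [], False

# Constructed zone data standing in for DNS: only es.net publishes SRV RRs.
SAMPLE_ZONE = {'_ldap._tcp.es.net': [('ldap1.es.net', 389),
                                     ('ldap2.es.net', 389)]}

if __name__ == '__main__':
    print(srv_candidates('dc=subdomain,dc=es,dc=net'))
    print(locate('ou=users,dc=subdomain,dc=es,dc=net',
                 lambda n: SAMPLE_ZONE.get(n, [])))
```

A client that accepts a result with `exact` set to False is trusting the parent domain's servers to hold or refer to the requested naming context, so it should confirm that before using the answer.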