
RE: [ldapext] draft-ietf-ldapext-locate



> > > (1) This document specifies two things: How to translate a  DN to a DNS
> > > name and how to use a DNS name to locate a corresponding LDAP server.

> > I argue that the document specifies one process, to locate
> > LDAP servers with knowledge of a particular DN, which has two steps.

> > > The document seems to imply that the latter is only used when a DNS
> > > name is produced by the former. I wonder if this restriction is a good
> > > idea: Isn't the ability to use SRV records to locate more generally
> > > useful than this limited context?

> > I don't believe this document restricts how DNS SRV records
> > can be used.

> I think the real question being asked was "Isn't the ability to use SRV
> records to locate _LDAP servers_ more generally useful than this limited
> context?".

Yes, that's the question I was asking.

> If so, then I agree that it is more generally useful. Independently of
> DC laden DNs, if one has the name of a domain, say "mit.edu", and
> wants to find LDAP servers associated with that domain, then it is
> logical that one should look up SRV RRs for "_ldap._tcp.mit.edu".

> However, I think that this capability is already adequately specified in
> RFC 2782 (DNS SRV RR RFC), where it says:

> "The format of the SRV RR

>    Here is the format of the SRV RR, whose DNS type code is 33:

>         _Service._Proto.Name TTL Class SRV Priority Weight Port Target

>         (There is an example near the end of this document.)

>    Service
>         The symbolic name of the desired service, as defined in Assigned
>         Numbers [STD 2] or locally.  An underscore (_) is prepended to
>         the service identifier to avoid collisions with DNS labels that
>         occur in nature.
>    ..."

> In the case of LDAP, the symbolic name is "LDAP".

Er, no. I remember this one... I wasn't an AD at the time but I was the IAB's
liaison to the IESG. There was strong objection from the IESG to this DNS ops
document specifying how a particular application service should be located
using SRV records. As a result the text was modified to include the following:

   Note: LDAP is chosen as an example for illustrative purposes only,
   and the LDAP examples used in this document should not be considered
   a definitive statement on the recommended way for LDAP to use SRV
   records. As described in the earlier applicability section, consult
   the appropriate LDAP documents for the recommended procedures.

The bottom line is that if you think this suffices as a specification of the
way to use SRV records to locate LDAP, you're mistaken. (And I know a
particular person who was on the IESG at the time who would be very amused to
hear this mistake was made.)

I don't know if this changes the previous assertion that this document
shouldn't make such a recommendation. Either way is fine with me as long
as it is clear what is meant.

				Ned


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext