RE: [ldapext] Why not leverage LDAP URLs in draft-joslin-config-schema-04?



Hi Michael,

Just for a bit of clarification, we're not proposing new syntaxes for
server implementations.  Instead we are defining BNF for the client to
follow.

( DUAConfSchemaOID.1.14 NAME 'serviceSearchDescriptor'
  DESC 'LDAP search descriptor list used by a DUA'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Notice that we've defined the above syntax as a "Directory String."

We did strongly consider the LDAP URL for the "search descriptor"
however we determined it did not fit the needs of the clients that would
be using the DUA Config Profile.  Some of the requirements include the
ability to fall through to a list of servers, while using the same
search data (base, filter, scope).  In addition, we required the ability
to specify multiple ordered searches.  If we had used the LDAP URL, we
would not have had the ability to order that list.  And finally, we
needed the ability to specify a shared profile, but that could have
specific search descriptors for different services.  In a way this could
have possibly been specified with multiple LDAP URLs under multiple
entries, but we felt the proposed BNF would be simpler, and valid, given the
other requirements.

Your comment about SSL is correct, and an area we need to address in the
draft.

BTW, draft-joslin-config-schema is not a product of ldapext, or other
IETF WG.  But comments from members are welcome and encouraged.  If
you'd like to pursue extensive discussion on this, then I'll add you to
the profile mailing list.  Recently our other activities have kept
discussion on this topic to a minimum.

Bob Joslin

> -----Original Message-----
> From: ldapext-admin@ietf.org
> [mailto:ldapext-admin@ietf.org]On Behalf Of
> Michael Stroder
> Sent: Friday, September 27, 2002 8:30 AM
> To: ldapext@ietf.org
> Subject: [ldapext] Why not leverage LDAP URLs in
> draft-joslin-config-schema-04?
>
>
> HI!
>
> I've glanced over draft-joslin-config-schema-04 today but I have some
> doubts about it. Any rationale why there are so many new syntaxes
> invented for all the attribute values instead of consequently
> leveraging LDAP URLs?
>
> E.g. as I understand it one can't specify to use LDAP over SSL in
> preferredServerList and defaultServerList. I know that using StartTLS
> ext. op. is the standard track but LDAP over SSL specified by LDAP URL
> scheme 'ldaps' is very common.
>
> Ciao, Michael.
>
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www1.ietf.org/mailman/listinfo/ldapext