|
Yeah, I suppose we could do that as well. I'm looking at the differences between the 00 version and the 09 version:
For the pwdPolicy class:
- pwdDefaultStorageScheme has been dropped
- pwdFailureCountResetTime has changed to pwdFailureCountInterval
- pwdGraceLoginLimit has changed to pwdGraceAuthNLimit
- pwdCheckSyntax has changed to pwdCheckQuality. It's syntax changed from boolean to integer, but I'm proposing to chainge it to oid
- pwdAttribute has been added as a MUST
- The usage of all attributes on pwdPolicy has changed from directoryOperation to userOperation
- The OID assigned to all attribute has changed at least once
There used to be a pwdInfoObj aux class which defined the state attribute. That's gone, but the attributes have gone through these changes:
- pwdExpirationTime and pwdAllowChangeTime have been replaced by pwdChangedTime
- pwdExpWarned has been dropped
- pwdRetryCount and pwdRetryCountResetTime have been replaced by pwdFailureTime
- pwdAccountUnlockTime has been replaced by pwdAccountLockedTime
- pwdGraceLeft has been replaced by pwdGraceUseTime
- The data format of pwdHistory has changed
- pwdReset has been added
- pwdPolicySubEntry has been added
- The OIDs of these have all changed at least once as well
Version 04 (July 2001) introduced the OIDs (prior to that, they actually used OIDs relative to an unnamed arc. Less has changed between the 04 and 08 versions in the schema definitions, but semantic changed (including buggy specifications) have changed over those four versions. I also believe most implementations were written to one of 04 - 07
So, it seems a good time to me to update the OIDs, as well as the names. I prefer to keep names that I don't believe will change syntactically or semantically. These include:
pwdMinAge, pwdMaxAge, and pwdInHistory (though I might like pwdHistorySize better), pwdHistory (though I can see the format possibly changing, thus a name change would be good), and pwdPolicySubentry. I can think of similar or better names for the rest of them.
Jim
>>> Andrew Sciberras <andrew.sciberras@eB2Bcom.com> 10/25/04 8:11:01 PM >>> G'Day Jim, I think that this is a good idea, however your email suggests that changing the OID's will disambiguate the semantics by which a password policy is being enforced. Do you plan to change the short name descriptors of the attributes as well? Andrew Sciberras Jim Sermersheim wrote: > This does bring up another point I wanted to discuss though... > > This draft was written way back when it was popular to assign OIDs in > I-D's. A practice that has lost favor partly due to implementations > using those OIDs and experiencing problems as semantics changed but OIDs > didn't. > > I'd like to move this I-D forward, and I don't want to be tied to any > semantics defined in previous versions. I propose that we replace the > existing OIDs with requests for IANA OIDs. This way, existing > implementations won't appear to be invalid according to the current and > future revisions, and I won't have to worry so much about breaking > existing implementations. > > What do other's think? > > Jim > |
_______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www1.ietf.org/mailman/listinfo/ldapext