[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] UTF-8 full support in LDIF / LDIF v2

To: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Subject: Re: [ldapext] UTF-8 full support in LDIF / LDIF v2
From: Steven Legg <steven.legg@eb2bcom.com>
Date: Thu, 02 Jul 2009 15:57:55 +1000
Cc: ldapext@ietf.org, Michael Ströder <michael@stroeder.com>
Delivered-to: ldapext@core3.amsl.com
In-reply-to: <5EF85B07-379E-4549-8112-17B9D0428589@Isode.com>
References: <49C497F9.7010200@zioup.com> <CD3905D4-2A25-4C56-8187-3CE10D46C929@isode.com> <49C870C6.4010803@zioup.com> <E94B7389-9A6D-4CB6-BB2C-649CCD3FD15B@Isode.com> <49CB192E.5050105@zioup.com> <49CB211C.6070108@eb2bcom.com> <49CB87FE.1050809@zioup.com> <49CC01DE.6040506@eb2bcom.com> <4A24557D.7030006@zioup.com> <4A26A05D.8040105@zioup.com> <245BF18B-2066-4E36-9502-16F4A3140D9E@Isode.com> <4A309775.3080406@zioup.com> <4A311ED1.1030202@stroeder.com> <4A31D27B.3090208@zioup.com> <35B2A165-CE5D-4650-AADE-CC233F71470E@Isode.com> <4A35D23D.5040307@zioup.com> <D437E784-4198-4037-A4EA-0300439C3D2C@Isode.com> <4A37BCEB.5040103@zioup.com> <68380E97-521C-4A80-A569-D09F8F626F6F@Isode.com> <4A3A1D81.1000407@stroeder.com> <32A3DDC8-FC80-490B-89A2-71ADC9582190@Isode.com> <4A4A8E14.5020909@stroeder.com> <5EF85B07-379E-4549-8112-17B9D0428589@Isode.com>
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)


Kurt,

Kurt Zeilenga wrote:


On Jun 30, 2009, at 3:13 PM, Michael Ströder wrote:


[snip]

I agree that LDIF is just an alternative encoding of protocol data
units. So lifting the ASCII limitation in LDIF would IMO not introduce
any other problem a LDAP client with user interface does not already
have today (despite the new-line issue).
Removing the ASCII restriction will mean that users and systems willneed to be far more careful in how they transfer LDIF data. Today, onecan email LDIF files about, FTP them without putting clients in "binary"mode, etc, because of the ASCII restriction. Without this restriction,users and systems will have to be quite careful to ensure transferspreserve the LDIF data octet-for-octet.


[snip]

I'm broadly in agreement with Michael that extended LDIF and LDAP clients
face much the same issues, but there is one way in which they differ. If
I use a client to edit an attribute value, then the scope of invisible,
inadvertent changes is probably that one value (which I'm changing anyway),
or if it is a poor client, then maybe the whole attribute or whole entry.
If I carelessly edit or transmit an extended LDIF dump, then the scope of
inadvertent changes is the entire collection of entries in the dump.

As a way to mitigate wholesale inadvertent changes I suggest that the
extended format should allow each attribute value with non-ASCII characters
that is presented in the clear to be optionally followed by the same value
in the base64 encoding. The format would be designed so that the following
base64 encoding is clearly paired with the value in the clear rather than it
being the next attribute value that happens to be base64 encoded.
The paired base64 encoding, if present, will always take precedence over
the value in the clear. That is, on parsing, the base64 encoding is used and
the value in the clear is ignored.

Normal practice for directory servers when outputting non-ASCII values
in the clear would be to pair them up with their base64 encoding.
Anyone manually editing the dump file has to remember to remove the base64
encoding part for a change to the value in the clear to be accepted,
which is a minor inconvenience. However, any inadvertent changes to other
values in the clear won't have any effect because their base64 encoded
parts will still be there, and the extended LDIF format will be just as
robust as normal LDIF for transport around the network.

When composing data from non-directory data sources to import into a
directory, the values can still be conveniently presented in the clear
without needing to generate a base64 encoding for them. When extracting data
from the directory to feed into other systems the values in the clear
can be used and the base64 encoded parts ignored.

Comments anyone ?

Regards,
Steven
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext

Next by Date: Re: [ldapext] Unfinished business: password policy and VLV
Index(es):
- Chronological
- Thread