[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap 2.x but still no roaming profiles

At 11:32 PM 9/16/00 +0200, Hugo.van.der.Kooij@caiw.nl wrote:
>On Sat, 16 Sep 2000 Hugo.van.der.Kooij@caiw.nl wrote:
>> I've done testing with two netscape clients (1 on win 98 and 1 on linux).
>> The win98 normally uses another ldap server (openldap 1.2.11) and can
>> store it's info there but up 'till now I'm unsuccesfull in ding the same
>> job with OpenLDAP 2.0
>I've done some more testing with ethereal 0.8.12 as referee. It seems
>there still exists some issue with the ;binary stuff in v2.0.3 present.
>The trace shows:
>        Error Message: attribute requires ;binary transfer

This message indicates the client provided an attribute without
using ;binary when the server required it.  The OpenLDAP 2.0
server requires ;binary transfer of a number of syntaxes.  Besides
certificates and such, 2.0.3 requires ;binary transfer of the binary
syntax.  Due to a bug in prior releases, binary syntax did not
require ;binary transfer (though this was our intent as indicated
in our subschema).  ;binary transfer of the binary syntax is
needed for inetOrgPerson compatibility.  This will, however,
break applications not expecting this ;binary transfer of the
binary syntax.

I raised the question to IETF LDAPbis BOF mailing list
<http://www.openldap.org/ietf-ldapbis/> for discussion.  This
appears to be compatibility issue which needs to be addressed
in the LDAPv3 specifications.

As far as Netscape Roaming interoperability goes, I suggest you
redefine (with new OIDs) each attribute type of binary syntax
to be octetString syntax.  This is likely what Netscape meant
all along.   As I noted previously, arbitrarily mapping old
'bin' to binary does make sense.