Re: LDAP control for multiple domains

> >Well, the structure that you dislike so much is more than just "popular
> >lately", it is a standards track RFC, i.e. RFC 2247.

	I have read RFC 2247 with great interest.  Unfortunately, it says

This document defines an algorithm by which a name registered with the
Internet Domain Name Service [2] can be represented as an LDAP
distinguished name.

	But nowhere does it say *why*.  No benefits of the given
"standard" are explained.  No explanation of what problem it is solving.
The only explanation it gives is

The mechanism described in this document automatically provides an
enterprise a distinguished name for each domain name it has obtained for
use in the Internet.  These distinguished names may be used to identify
objects in an LDAP directory.

	The only time having a standard DN for a given company would be
useful, as far as I can tell, is if you want your company's LDAP server to
be part of some global searchable directory -- and thus would need a way
to "algorithmically transform" a company's domain name into a DN.

	...and this would only be helpful if your company has a server
that answers to your domain name and also answers LDAP requests --
otherwise, you'd still need to know the DNS name or I.P. of the LDAP
server anyway.

	So I'm still left wondering what this standard is good for.  At
least now I can contact the RFC authors directly and ask them (thanks
again for the reference!).

> And dc=*,dc=* works with SRV records, where I can't see how o=*,c=* would.

	Can you elaborate on this?  What is an SRV record?  This is (so
far) the only benefit I've seen mentioned.
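
Added example, not part of the original message: a Python sketch of the RFC 2247 mapping quoted above, plus the reverse step behind the remark about SRV records, which turns the trailing dc= components of a DN back into a DNS name and the `_ldap._tcp` SRV query name (service label convention from RFC 2782). Function names and sample DNs are constructed for illustration, and escaped commas inside DNs are not handled.

```python
import re

# One LDH DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def domain_to_dn(domain):
    """RFC 2247 direction: one dc= RDN per DNS label, leftmost label first."""
    labels = domain.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("not a valid DNS name: %r" % domain)
    return ",".join("dc=" + label for label in labels)


def dn_to_domain(dn):
    """Reverse direction: read the trailing run of dc= RDNs as a DNS name.

    Returns None when the DN does not end in dc= components (for example
    o=...,c=...), because such a DN carries no DNS name to look up.
    """
    labels = []
    for rdn in reversed(dn.split(",")):  # simplification: no escaped commas
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() != "dc" or not _LABEL.match(value.strip()):
            break
        labels.insert(0, value.strip().lower())
    return ".".join(labels) if labels else None


def srv_query_name(dn):
    """DNS name to query (record type SRV) to locate LDAP servers for a DN."""
    domain = dn_to_domain(dn)
    return "_ldap._tcp." + domain if domain else None


if __name__ == "__main__":
    # Constructed sample DNs, not taken from the thread.
    for dn in ("uid=jdoe,ou=People,dc=example,dc=com",
               "cn=J Doe,o=Example Corp,c=US"):
        print(dn, "->", srv_query_name(dn))
```

A client holding only a dc= style DN can derive the SRV name to ask DNS for, while the o=...,c=... DN yields nothing to query.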