Re: [ldapext] Authentication information in LDAP URLs

[Michael Ströder <michael@stroeder.com>]

Kurt D. Zeilenga wrote:
> At 12:31 AM 4/28/2004, Michael Ströder wrote:
>
> > Kurt D. Zeilenga wrote:
> >
> > > In note that LDAPBIS had concerns with bindname not be
> > > recognized (let alone supported) by all implementations
> > > and axed it from the revised technical specification.
> >
> > Uuuh? (Cc:-ed ietf-ldapbis@OpenLDAP.org)
>
> As the feature uses an extension mechanism and should be
> Elective as well as truly optional, it is recognized
> that the specification for this feature, like many other
> extensions, can be separately documented and separately
> progressed from the LDAP 'core' technical specification.

But with removing bindname extension from draft-ietf-ldapbis-url LDAPBIS WG 
breaks existing LDAPv3 implementations. This is a strong contradiction to 
the goal of LDAPBIS WG (as you wrote on LDAPBIS mailing list many many times).

> Given this, and the lateness of this concern, I will not
> entertain (at this time) the question of whether the
> specification of this feature should or should not be
> reincorporated into the 'core' specification.

I strongly disagree here! You're violating the goal of LDAPBIS not to break 
existing LDAPv3 implementations.

Note that bindname extensions in RFC2255 was just LDAP URL syntax, no 
semantics were described there. Which is ok IMO.

Ciao, Michael.