[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Authentication information in LDAP URLs

To: Michael Ströder <michael@stroeder.com>
Subject: Re: [ldapext] Authentication information in LDAP URLs
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 29 Apr 2004 06:48:11 -0700
Cc: ldapext@ietf.org, ietf-ldapbis@OpenLDAP.org
In-reply-to: <409098ED.7090500@stroeder.com>
References: <019d01c42910$00172970$1801a8c0@CELLO> <40892F18.7060308@stroeder.com> <20040427112026.GE28861@sverresborg.uninett.no> <6.0.1.1.0.20040427144615.04a50128@127.0.0.1> <408F5DC1.3000501@stroeder.com> <6.0.1.1.0.20040428115445.04ba9290@127.0.0.1> <409098ED.7090500@stroeder.com>

At 10:55 PM 4/28/2004, Michael Ströder wrote:
>Kurt D. Zeilenga wrote:
>>At 12:31 AM 4/28/2004, Michael Ströder wrote:
>>>Kurt D. Zeilenga wrote:
>>>>In note that LDAPBIS had concerns with bindname not be
>>>>recognized (let alone supported) by all implementations
>>>>and axed it from the revised technical specification.
>>>Uuuh? (Cc:-ed ietf-ldapbis@OpenLDAP.org)
>>As the feature uses an extension mechanism and should be
>>Elective as well as truly optional, it is recognized
>>that the specification for this feature, like many other
>>extensions, can be separately documented and separately
>>progressed from the LDAP 'core' technical specification.
>
>But with removing bindname extension from draft-ietf-ldapbis-url LDAPBIS WG breaks existing LDAPv3 implementations.

No it doesn't.  draft-ietf-ldapbis-url allows extensions such
as bindname, it just doesn't specify them.  bindname is still
specified in RFC 2255.  Publication of draft-ietf-ldapbis-url
will mean that the current specification of bindname is
Historic until a separate specification of bindname is
progressed.  Such reorganization doesn't 'break' any existing
implementation, nor even cause any implementation to be
non-conformant.  It just means these implementation support
a separately defined LDAP URL extension.

>This is a strong contradiction to the goal of LDAPBIS WG (as you wrote on LDAPBIS mailing list many many times).

I disagree.  The goal of this WG, as detailed in the charter,
is to engineer an LDAPv3 "core" technical specification
suitable for progression to Draft Standard.   This has and
will involve reorganization of the technical specification,
including pushing some features out of the 'core'
specification.  This has been discussed many times, including
during our chartering process and as we undertook previous
reorganizations which 'removed' specifications of certain
features from the 'core').

>>Given this, and the lateness of this concern, I will not
>>entertain (at this time) the question of whether the
>>specification of this feature should or should not be
>>reincorporated into the 'core' specification.
>
>I strongly disagree here! You're violating the goal of LDAPBIS not to break existing LDAPv3 implementations.

See above.

Kurt

References:
- Re: [ldapext] Authentication information in LDAP URLs
  - From: Michael Ströder <michael@stroeder.com>
- Re: [ldapext] Authentication information in LDAP URLs
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: [ldapext] Authentication information in LDAP URLs
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: [ldapext] Authentication information in LDAP URLs
Next by Date: Re: Hello
Index(es):
- Chronological
- Thread