[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LDAP Requirements comments
At 06:04 PM 2001-11-21, Ed Reed wrote:
>>>> "Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx> 11/21/01 04:47PM >>>
> G7. All policy and state data pertaining to replication MUST
> be accessible via LDAP.
>All? This needs to be constrained to the subset of policy and
>state information necessary to effectively administrate LDAP
><eer> Why? From the perspective of the protocol we're
>designing, what policy and state data should be excluded from
>access via LDAP?
Policy and state data which is not necessary to effectively
administrate LDAP replication.
RECOMMEND'ing ALL would be okay, or MUST'ing a subset needed
to effective administrate would be okay. But, IMO, MUST'ing
ALL is a bad idea (and counter to 2119 guidance).
>None that I can think of, and I think it is
>a desireable goal that it all be available, to the extent
>that LDAP is able to access the data elements, that is - for
>instance, authentication credentials, either derived or
>passwords that are not normally accessible via LDAP
>shouldn't be accessible via LDAP (!), so I guess I'd
>agree to some <mumble> along those lines...but are
>you thinking of something else I should be aware of?
I'm thinking the requirement should be reworded in terms
of why we desire this policy and state data to be in the