
RE: Basic Cert-2-Directory mapping question



If LDAPv3 referrals were sufficient, we wouldn't be having this
conversation.  

LDAPv3 referrals WILL work in the following two cases:

1) where my server's administrator already knows how to find the target name
space, or
2) where my server and the server holding the target name space participate
in some fully-connected DIT in which unknown names are resolved by way of a
default referral up to a server maintaining the root naming context, from
where I can get a referral leading back down to the target.  (Extended
globally, this is the original X.500 vision; on a smaller scale, it's
practical for something like an industry-wide association.)

What I'm discussing is a way to fill in the gap where (1) my server does not
already know how to find a certain name space, and (2) there's a knowledge
disconnect between my server and the server holding the target. In this
case, LDAPv3 referrals WILL NOT work. 

 -- Skip

-----Original Message-----
From: Michael Ströder [mailto:michael@xxxxxxxxxxxx]
Sent: Thursday, January 11, 2001 3:40 AM
To: ietf-pkix@xxxxxxx
Subject: Re: Basic Cert-2-Directory mapping question


"Slone, Skip" wrote:
> 
> By way of example, what I'm talking about is the ability to
> take a DN of the form "cn=Skip Slone, o=Lockheed Martin, c=US" and
> determine that the LDAP server to check is found at (for example)
> ldap1.external.lmco.com.

Could be done with LDAPv3 referrals from your default LDAP server to
the target LDAP server holding the entry (e.g. described on
http://www.terena.nl/projects/direct/ for country-level
directories). I'm pretty sure Janus Liebregts and David Chadwick
know more about it.

Ciao, Michael.
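
Added illustration, not part of either message in this thread: a toy Python model of referral chasing that reproduces the two cases in which referrals locate the target and the gap case in which they cannot. Every server name except ldap1.external.lmco.com (the thread's own example), the `holds`/`refs`/`default` layout and the helper names are constructed assumptions, and DN parsing is simplified.

```python
# Added illustration: toy model of LDAPv3 referral chasing. All server names
# except ldap1.external.lmco.com (the thread's example) are constructed.
DN = "cn=Skip Slone, o=Lockheed Martin, c=US"
LM = "o=Lockheed Martin, c=US"
TARGET = "ldap1.external.lmco.com"
BASE = {
    TARGET: {"holds": [LM], "refs": {}},
    "us.example": {"holds": ["c=US"], "refs": {LM: TARGET}},
    "root.example": {"holds": [""], "refs": {"c=US": "us.example"}},
}

def rdns(dn):
    # Simplified DN parsing: no escaped commas or multi-valued RDNs.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def under(dn, suffix):
    d, s = rdns(dn), rdns(suffix)
    return len(s) <= len(d) and d[len(d) - len(s):] == s  # "" is the root

def best(dn, table):
    # Longest matching suffix wins; None when nothing matches.
    hits = [k for k in table if under(dn, k)]
    return max(hits, key=lambda k: len(rdns(k))) if hits else None

def mine(refs=None, default=None):
    # "My server": holds an unrelated name space, with optional knowledge.
    me = {"holds": ["o=MyCorp, c=DE"], "refs": refs or {}, "default": default}
    return {**BASE, "me.example": me}

def resolve(dn, start, servers, max_hops=8):
    """Return (server holding dn or None, list of servers contacted)."""
    path, cur = [], start
    while cur is not None and cur not in path and len(path) < max_hops:
        path.append(cur)
        srv = servers[cur]
        ctx, ref = best(dn, srv["holds"]), best(dn, srv["refs"])
        if ref is not None and (ctx is None or len(rdns(ref)) > len(rdns(ctx))):
            cur = srv["refs"][ref]        # follow a knowledge reference
        elif ctx is not None:
            return cur, path              # this server holds the entry
        else:
            cur = srv.get("default")      # default referral upward, if any
    return None, path                     # knowledge gap, loop, or hop limit

if __name__ == "__main__":
    for name, world in [("case 1", mine(refs={LM: TARGET})),
                        ("case 2", mine(default="root.example")),
                        ("gap", mine())]:
        print(name, resolve(DN, "me.example", world))
```

The path list doubles as loop detection, and together with the hop limit it keeps a misconfigured or hostile referral chain from being followed indefinitely.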