[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP ISSUE

Dave

the current LDAP model is that the server does the mapping, and that the
client does not need to be bothered with the OIDs. Simple clients will
not map between keywords and the user interface (the user will see the
keywords). More sophisticated clients will do some presentation mapping
e.g. serialNumber into Serial Number.

David


Steve Hanna wrote:
> 
> Yes, this is a presentation issue. OIDs work fine on the wire
> (in the LDAP protocol). Keywords are only important when
> users need to understand the DN. I agree with your suggestion
> completely. Use OIDs on the wire for maximum compatibility
> and simplicity in implementation. Clients can translate these
> to and from user-friendly keywords, if they want.
> 
> -Steve
> 
> >
> >Steve,
> >
> >That sounds like a presentation issue, and perhaps that's what
> >you meant to imply by emphasizing "on the wire".
> >
> >Would it not be reasonable for new DN attribute keywords to
> >be registered with IANA, and permit newly developed clients
> >to translate between keywords (for human consumption)
> >and OIDs (on the wire)?
> >
> >Dave
> >
> >
> >
> >
> >Steve Hanna wrote:
> >>
> >> Actually, there is a good reason for the position of the LDAP
> >> group on this issue.
> >>
> >> The reason that new keywords for attribute types in X.500 DNs
> >> cannot be sent on the wire in LDAP protocol messages is that
> >> old LDAP servers won't know what the new keywords mean. For
> >> user input and output, new keywords can be added. But you
> >> can't expect existing LDAP servers to automagically understand
> >> what a new keyword means when they see it on the wire. OIDs
> >> are the best way to handle this.
> >>
> >> Also, this is not a new position. RFC 1779 (for LDAPv2)
> >> allowed new keywords and defined an IANA registry. But no
> >> new keywords were ever defined. I suspect that people
> >> realized the problems that would ensue. RFC 2253 (for LDAPv3)
> >> does not allow new keywords. And the revised version of 2253
> >> (draft-ietf-ldapbis-dn-07.txt) also does not.
> >>
> >> Steve

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxxxxx
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
begin:vcard 
n:Chadwick;David
tel;cell:+44 77 96 44 7184
tel;fax:+44 1484 532930
tel;home:+44 1484 352238
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
url:http://www.salford.ac.uk/its024/chadwick.htm
org:University of Salford;IS Institute
version:2.1
email;internet:d.w.chadwick@xxxxxxxxxxxxx
title:Professor of Information Security
adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England
note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500:  http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5
x-mozilla-cpt:;-4856
fn:David Chadwick
end:vcard