Update I-Ds.

Kurt Zeilenga 2002-06-13 16:14:10 +00:00
parent ad673923a3
commit c5de2fd6fd
2 changed files with 464 additions and 464 deletions


@ -1,9 +1,9 @@
INTERNET-DRAFT Michael P. Armijo INTERNET-DRAFT Michael P. Armijo
<draft-ietf-ldapext-locate-07.txt> Levon Esibov <draft-ietf-ldapext-locate-08.txt> Levon Esibov
February 20, 2002 Paul Leach June 5, 2002 Paul Leach
Expires: August 20, 2002 Microsoft Corporation Expires: December 5, 2002 Microsoft Corporation
R.L. Morgan R.L. Morgan
University of Washington University of Washington
@ -31,7 +31,7 @@ Status of this Memo
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Distribution of this memo is unlimited. It is filed as <draft- Distribution of this memo is unlimited. It is filed as <draft-
ietf-ldapext-locate-07.txt>, and expires on August 20, 2002. ietf-ldapext-locate-08.txt>, and expires on December 5, 2002.
Please send comments to the authors. Please send comments to the authors.
Copyright Notice Copyright Notice
@ -56,7 +56,7 @@ Abstract
Armijo, Esibov, Leach and Morgan [Page 1] Armijo, Esibov, Leach and Morgan [Page 1]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
@ -103,6 +103,18 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
reasonable because many objects of interest are named with domain reasonable because many objects of interest are named with domain
names, and use of domain-name-based DNs is becoming common. names, and use of domain-name-based DNs is becoming common.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [9].
Armijo, Esibov, Leach and Morgan [Page 2]
INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
2. Mapping Distinguished Names into Domain Names 2. Mapping Distinguished Names into Domain Names
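Review bot: adding the RFC 2119 boilerplate here makes every capitalised keyword in the document normative, but this revision only upgrades the four "must" instances in the Security Considerations hunk further down; the rest of the draft should be audited for lowercase "must"/"should"/"may" that are meant as requirements, otherwise the new paragraph implies a distinction the text does not actually make. The citation "[9]" does line up with the entry added in the References hunk, so that part is consistent.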
@ -112,11 +124,6 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
DNs cannot be converted into a domain name. Converted DNs result DNs cannot be converted into a domain name. Converted DNs result
in a fully qualified domain name. in a fully qualified domain name.
Armijo, Esibov, Leach and Morgan [Page 2]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
The output domain name is initially empty. The DN is processed in The output domain name is initially empty. The DN is processed in
right-to-left order (i.e., beginning with the first RDN in the right-to-left order (i.e., beginning with the first RDN in the
@ -163,16 +170,9 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
Armijo, Esibov, Leach and Morgan [Page 3] Armijo, Esibov, Leach and Morgan [Page 3]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
Presence of such records enables clients to find the LDAP servers Presence of such records enables clients to find the LDAP servers
@ -191,7 +191,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
that satisfy the requested criteria. The following is an example of that satisfy the requested criteria. The following is an example of
such a record: such a record:
_ldap._tcp.example.net. IN SRV 0 0 389 phoenix.example.net. _ldap._tcp.example.net. IN SRV 0 0 389 phoenix.example.net.
The set of returned records may contain multiple records in the case The set of returned records may contain multiple records in the case
where multiple LDAP servers serve the same domain. If there are no where multiple LDAP servers serve the same domain. If there are no
@ -213,15 +213,15 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
intended to contact. See [7] for more information on security intended to contact. See [7] for more information on security
threats and security mechanisms. threats and security mechanisms.
When using LDAP with TLS the client must check the server's name, When using LDAP with TLS the client MUST check the server's name,
as described in section 3.6 of [RFC 2830]. As specified there, the as described in section 3.6 of [RFC 2830]. As specified there, the
name the client checks for is the server's name before any name the client checks for is the server's name before any
potentially insecure transformations, including the SRV record potentially insecure transformations, including the SRV record
lookup specified in this memo. Thus the name the client must check lookup specified in this memo. Thus the name the client MUST check
for is the name obtained by doing the mapping step defined in for is the name obtained by doing the mapping step defined in
section 2 above. For example, if the DN "cn=John section 2 above. For example, if the DN "cn=John
Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name
"example.net", the server's name must match "example.net". "example.net", the server's name MUST match "example.net".
This document describes a method that uses DNS SRV records to This document describes a method that uses DNS SRV records to
discover LDAP servers. All security considerations related to DNS discover LDAP servers. All security considerations related to DNS
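Review bot: the inline citation "[RFC 2830]" on the second line of the upgraded MUST paragraph does not follow the numeric citation style used everywhere else in this draft; RFC 2830 is entry [8] in the References hunk below, so this should read "section 3.6 of [8]". The upgrade to MUST is the right call, but the paragraph would be stronger if it also stated the negative explicitly: the SRV target name (phoenix.example.net in the section 3 example) MUST NOT be used for the server identity check, because it is the output of the untrusted lookup this memo introduces and the paragraph currently only implies that by describing the transformation as "potentially insecure".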
@ -230,7 +230,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
Armijo, Esibov, Leach and Morgan [Page 4] Armijo, Esibov, Leach and Morgan [Page 4]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
6. References 6. References
@ -259,10 +259,11 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
"Authentication Methods for LDAP", RFC 2829, May 2000. "Authentication Methods for LDAP", RFC 2829, May 2000.
[8] Hodges, J., Morgan, R., Wahl, M., "Lightweight Directory Access [8] Hodges, J., Morgan, R., Wahl, M., "Lightweight Directory Access
Protocol (v3): Extension for Transport Layer Security", RFC 2830, Protocol (v3): Extension for Transport Layer Security",
May 2000. RFC 2830, May 2000.
[9] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
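Review bot: the new [9] entry is appended at the end of a flat reference list; since RFC 2119 is what gives the MUST/SHOULD language added in section 1 its force, it should be flagged as normative if this draft ever splits normative and informative references, and the [7]/[8] security references would likewise need classifying at that point. The reflow of the [8] entry onto three lines is fine.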
@ -285,10 +286,9 @@ INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002
levone@microsoft.com levone@microsoft.com
Armijo, Esibov, Leach and Morgan [Page 5] Armijo, Esibov, Leach and Morgan [Page 5]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
RL "Bob" Morgan RL "Bob" Morgan
University of Washington University of Washington
@ -346,7 +346,7 @@ herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
Armijo, Esibov, Leach and Morgan [Page 6] Armijo, Esibov, Leach and Morgan [Page 6]
INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET-DRAFT Discovering LDAP Services with DNS June 5, 2002
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
@ -356,7 +356,7 @@ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
10. Expiration Date 10. Expiration Date
This documentis filed as <draft-ietf-ldapext-locate-06.txt>, and This document is filed as <draft-ietf-ldapext-locate-08.txt>, and
expires August 20, 2002. expires December 5, 2002.
Armijo, Esibov, Leach and Morgan [Page 7] Armijo, Esibov, Leach and Morgan [Page 7]
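Review bot: this hunk fixes more than the "documentis" typo: the old text cited <draft-ietf-ldapext-locate-06.txt> while the header of the same file already said -07, so section 10 had been stale for a full revision. Suggest deriving the filename and expiry in section 10 from the same source as the header block and the Status of this Memo paragraph, since the same pair of values now appears in three places and only one of them was previously kept current.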

File diff suppressed because it is too large