OpenLDAP Root Service An experimental LDAP referral service (RFC3088)

IP.com Disclosure Number: IPCOM000005282D
Original Publication Date: 2001-Apr-01
Included in the Prior Art Database: 2001-Aug-20
Document File: 12 page(s) / 20K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

K. Zeilenga: AUTHOR

Abstract

The OpenLDAP Project is operating an experimental LDAP (Lightweight Directory Access Protocol) referral service known as the "OpenLDAP Root Service". The automated system generates referrals based upon service location information published in DNS SRV RRs (Domain Name System location of services resource records). This document describes this service.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group                                        K. Zeilenga
Request for Comments: 3088                           OpenLDAP Foundation
Category: Experimental                                        April 2001

OpenLDAP Root Service An experimental LDAP referral service

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2001). All Rights Reserved.

1. Background

LDAP [RFC2251] directories use a hierarchical naming scheme inherited from X.500 [X500]. Traditionally, X.500 deployments have used a geo-political naming scheme (e.g., CN=Jane Doe,OU=Engineering,O=Example,ST=CA,C=US). However, registration infrastructure and location services in many portions of the naming hierarchy are inadequate or nonexistent.

The construction of a global directory requires a robust registration infrastructure and location service. Use of Internet domain-based naming [RFC2247] (e.g., UID=jdoe,DC=eng,DC=example,DC=net) allows LDAP directory services to leverage the existing DNS [RFC1034] registration infrastructure, and DNS SRV [RFC2782] resource records can be used to locate services [LOCATE].

Zeilenga Experimental [Page 1]

RFC 3088 OpenLDAP Root Service April 2001

1.1. The Glue

Most existing LDAP implementations do not support location of directory services using DNS SRV resource records. However, most servers support generation of referrals to "superior" server(s). This service provides a "root" LDAP service which servers may use as their superior referral service.

Clients may also use the service directly to locate services associated with an arbitrary Distinguished Name [RFC2253] within the domain-based hierarchy.

Notice: The mechanisms used by the service are experimental. The descriptions provided by this document are not definitive. Definitive mechanisms shall be published in a Standard Track document(s).

2. Generating Referrals based upon DNS SRV RRs

This service returns referrals generated from DNS SRV resource records [RFC2782].

2.1. DN to Domain Name Mapping

The service maps a DN [RFC2253] to a fully qualified domain name using the following algorithm:

    domain = null;
    foreach RDN left-to-right                   // [1]
    {
        if not multi-valued RDN and
            RDN.type == domainComponent
        {
            if ( domain == null || domain == "." )
                domain = "";                    // start
            else
                domain .= ".";                  // append separator

            if ( RDN.value == "." )
                domain = ".";                   // root
            else
                domain .= RDN.value;            // append domainComponent

            continue;
        }

        domain = null;
    }

Examples:

    Distinguished Name              Domain
    DC=example,DC=net               example.net
    UID=jdoe,DC=example,DC=net      e...
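
The mapping loop from section 2.1, written out as an added Python example (not code from the RFC or the OpenLDAP Project). It assumes a simplified RFC 2253 parser (backslash escapes only, no quoted or hex-encoded values) and treats "dc", "domainComponent" and the attribute's OID as the same type; split_unescaped and dn_to_domain are hypothetical names. It shows that only the trailing run of single-valued DC RDNs decides which domain a referral is looked up in.

```python
import re

# Assumption: these spellings all denote domainComponent (RFC 2247 name, short name, OID).
DC_TYPES = {"dc", "domaincomponent", "0.9.2342.19200300.100.1.25"}

def split_unescaped(text, sep):
    """Split on sep, skipping backslash-escaped characters (RFC 2253 style)."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts

def dn_to_domain(dn):
    """Apply the section 2.1 loop; return the domain, or None if the DN maps to none."""
    domain = None
    for rdn in split_unescaped(dn, ","):      # RDNs, left to right
        avas = split_unescaped(rdn, "+")      # more than one AVA: multi-valued RDN
        atype, _, value = avas[0].partition("=")
        if len(avas) == 1 and atype.strip().lower() in DC_TYPES:
            value = re.sub(r"\\(.)", r"\1", value.strip())
            if domain is None or domain == ".":
                domain = ""                   # start
            else:
                domain += "."                 # append separator
            if value == ".":
                domain = "."                  # root
            else:
                domain += value               # append domainComponent
            continue
        domain = None                         # any other RDN discards the result so far
    return domain

if __name__ == "__main__":
    # The first DN appears on the page; the other two are constructed.
    for dn in ("DC=example,DC=net", "DC=example+CN=x,DC=net", "DC=example,O=Example,C=US"):
        print(dn, "->", dn_to_domain(dn))
```

A DN whose last RDN is not a single-valued domainComponent maps to no domain at all, and a multi-valued RDN in the middle silently drops everything to its left, so a server relying on this mapping should check the result before following a referral derived from it.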