From: Kurt Zeilenga Date: Sat, 8 Jun 2002 18:40:58 +0000 (+0000) Subject: Update X-Git-Tag: OPENLDAP_REL_ENG_2_MP~2 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=af744d8f1eb03c214c368c11c058fa78163fc4ce;p=openldap Update --- diff --git a/doc/drafts/draft-ietf-ldapext-locate-xx.txt b/doc/drafts/draft-ietf-ldapext-locate-xx.txt index 5df1a32760..3acec7bd24 100644 --- a/doc/drafts/draft-ietf-ldapext-locate-xx.txt +++ b/doc/drafts/draft-ietf-ldapext-locate-xx.txt @@ -1,9 +1,9 @@ INTERNET-DRAFT Michael P. Armijo - Levon Esibov -November 13, 2001 Paul Leach -Expires: May 13, 2002 Microsoft Corporation + Levon Esibov +February 20, 2002 Paul Leach +Expires: August 20, 2002 Microsoft Corporation R.L. Morgan University of Washington @@ -31,7 +31,7 @@ Status of this Memo http://www.ietf.org/shadow.html. Distribution of this memo is unlimited. It is filed as , and expires on February 25, 2001. + ietf-ldapext-locate-07.txt>, and expires on August 20, 2002. Please send comments to the authors. Copyright Notice @@ -56,7 +56,7 @@ Abstract Armijo, Esibov, Leach and Morgan [Page 1] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 @@ -114,7 +114,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 Armijo, Esibov, Leach and Morgan [Page 2] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 @@ -137,7 +137,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 The client would convert the DC components as defined above into DNS name: - example.net. + example.net The determined DNS name will be submitted as a DNS query using the algorithm defined in section 3. 
@@ -153,7 +153,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 appropriate server from multiple servers according to the algorithm described in [5]. The name of this record has the following format: - _._. + _._.. where is "ldap", and is "tcp". is the domain name formed by converting the DN of a naming context mastered @@ -172,8 +172,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 Armijo, Esibov, Leach and Morgan [Page 3] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 - +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 Presence of such records enables clients to find the LDAP servers @@ -201,7 +200,6 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 portion of the constructed fully qualified domain name. - 4. IANA Considerations This document does not require any IANA actions. 
@@ -215,22 +213,24 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 intended to contact. See [7] for more information on security threats and security mechanisms. - The client MUST use the server hostname it used to open the LDAP - connection as the value to compare against the server name as - expressed in the server's certificate. The client MUST NOT use the - server's canonical DNS name or any other derived form of name. + When using LDAP with TLS the client must check the server's name, + as described in section 3.6 of [RFC 2830]. As specified there, the + name the client checks for is the server's name before any + potentially insecure transformations, including the SRV record + lookup specified in this memo. Thus the name the client must check + for is the name obtained by doing the mapping step defined in + section 2 above. For example, if the DN "cn=John + Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name + "example.net", the server's name must match "example.net". This document describes a method that uses DNS SRV records to discover LDAP servers. All security considerations related to DNS SRV records are inherited by this document. See the security considerations section in [5] for more details. - - - Armijo, Esibov, Leach and Morgan [Page 4] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 6. References @@ -288,7 +288,7 @@ INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 Armijo, Esibov, Leach and Morgan [Page 5] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 RL "Bob" Morgan University of Washington 
@@ -346,7 +346,7 @@ herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE Armijo, Esibov, Leach and Morgan [Page 6] -INTERNET-DRAFT Discovering LDAP Services with DNS Novemeber 13, 2001 +INTERNET-DRAFT Discovering LDAP Services with DNS February 20, 2002 INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE @@ -357,6 +357,6 @@ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 10. Expiration Date This documentis filed as , and - expires May 13, 2002. + expires August 20, 2002. Armijo, Esibov, Leach and Morgan [Page 7] \ No newline at end of file
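Review bot: In hunk @@ -153 the SRV record name template gains a trailing dot after its domain component while hunk @@ -137 drops the trailing dot from the mapped name ("example.net." becomes "example.net"), so the two edits move in opposite directions. That is consistent if the section 2 mapping yields a relative name that is then placed in the SRV owner name and the trailing dot marks the assembled name as absolute, and it agrees with the unqualified "example.net" used in the new Security Considerations example, but a sentence in section 2 stating that the mapping produces a name without a trailing dot would make the convention explicit for implementers.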
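Review bot: In hunk @@ -215 the replacement paragraph drops the RFC 2119 keywords: the removed text said the client "MUST" compare a given name and "MUST NOT" use a derived one, the new text says "must check" in lowercase, so the one requirement this section exists to state has lost its normative force; keep "MUST" here. The citation "[RFC 2830]" also breaks the numeric style used in the surrounding lines ("See [7]", "section in [5]"); give it a number and confirm it appears in section 6 References, which the @@ -288 hunk does not show being updated. On substance the rewrite is the right fix: the hostname the client used to open the connection is the SRV target, which is the output of the unauthenticated DNS lookup this memo introduces, so the old rule had the client validate the certificate against a name an attacker who controls DNS answers could choose; anchoring the check to the pre-lookup name from the section 2 mapping, as RFC 2830 section 3.6 requires, removes that dependency.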
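Review bot: In hunk @@ -357 the unchanged context line directly above the edit still reads "This documentis filed as", missing the space in "document is"; since this change already touches that sentence, fix the typo in the same pass. The draft file name on that line should also be checked against the one now given in the Status of this Memo hunk (@@ -31), "ietf-ldapext-locate-07.txt", so the two statements of the filing name and expiry date stay in step.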