
Re: LDAP control for multiple domains



> >Well, the structure that you dislike so much is more than just "popular
> >lately", it is a standards track RFC, i.e. RFC 2247.

	I have read RFC 2247 with great interest.  Unfortunately, it says
--
This document defines an algorithm by which a name registered with the
Internet Domain Name Service [2] can be represented as an LDAP
distinguished name.
--

	But nowhere does it say *why*.  No benefits of the given
"standard" are explained.  No explanation of what problem it is solving.
The only explanation it gives is

-- 
The mechanism described in this document automatically provides an
enterprise a distinguished name for each domain name it has obtained for
use in the Internet.  These distinguished names may be used to identify
objects in an LDAP directory.
-- 
	The only time having a standard DN for a given company would be
useful, as far as I can tell, is if you want your company's LDAP server to
be part of some global searchable directory -- and thus would need a way
to "algorithmically transform" a company's domain name into a DN.

	...and this would only be helpful if your company has a server
that answers to your domain name and also answers LDAP requests --
otherwise, you'd still need to know the DNS name or I.P. of the LDAP
server anyway.

	So I'm still left wondering what this standard is good for.  At
least now I can contact the RFC authors directly and ask them (thanks
again for the reference!).


> And dc=*,dc=* works with SRV records, where I can't see how o=*,c=* would.

	Can you elaborate on this?  What is an SRV record?  This is (so
far) the only benefit I've seen mentioned.


Thanks,
Derek
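
The mapping discussed in this message, as an added example that is not part of the original post or of RFC 2247: it converts a DNS name to a dc= DN and, going the other way, derives from a DN the name a client would query for SRV records (RFC 2782) to locate LDAP servers, which only works when the DN ends in dc= components. The function names and the sample DNs are hypothetical, and the DN parsing assumes no escaped commas.

```python
# Added illustration; function names are hypothetical, not from any LDAP library.
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def domain_to_dn(domain):
    """RFC 2247 mapping: each DNS label becomes one dc= RDN, in the same order."""
    labels = domain.rstrip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return ",".join(f"dc={label}" for label in labels)


def dn_to_domain(dn):
    """Reverse mapping: collect the trailing run of dc= RDNs of a DN.

    Returns None when the DN does not end in dc= components (e.g. o=...,c=...),
    because there is then no DNS name to recover from it.
    """
    labels = []
    for rdn in reversed(dn.split(",")):  # assumption: no escaped commas in the DN
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() != "dc":
            break
        labels.append(value.strip())
    return ".".join(reversed(labels)) if labels else None


def ldap_srv_name(dn):
    """DNS owner name to query for SRV records that locate LDAP servers for a DN."""
    domain = dn_to_domain(dn)
    return f"_ldap._tcp.{domain}" if domain else None


if __name__ == "__main__":
    # Constructed sample DNs.
    for dn in ("uid=derek,ou=People,dc=example,dc=com", "o=Example Corp,c=US"):
        print(dn, "->", ldap_srv_name(dn))
```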