Re: LDAP control for multiple domains
> >Well, the structure that you dislike so much is more than just "popular
> >lately", it is a standards track RFC, i.e. RFC 2247.
I have read RFC 2247 with great interest. Unfortunately, it says
--
This document defines an algorithm by which a name registered with the
Internet Domain Name Service [2] can be represented as an LDAP
distinguished name.
--
But nowhere does it say *why*. No benefits of the given
"standard" are explained. No explanation of what problem it is solving.
The only explanation it gives is
--
The mechanism described in this document automatically provides an
enterprise a distinguished name for each domain name it has obtained for
use in the Internet. These distinguished names may be used to identify
objects in an LDAP directory.
--
The only time having a standard DN for a given company would be
useful, as far as I can tell, is if you want your company's LDAP server to
be part of some global searchable directory -- and thus would need a way
to "algorithmically transform" a company's domain name into a DN.
...and this would only be helpful if your company has a server
that answers to your domain name and also answers LDAP requests --
otherwise, you'd still need to know the DNS name or I.P. of the LDAP
server anyway.
So I'm still left wondering what this standard is good for. At
least now I can contact the RFC authors directly and ask them (thanks
again for the reference!).
> And dc=*,dc=* works with SRV records, where I can't see how o=*,c=* would.
Can you elaborate on this? What is an SRV record? This is (so
far) the only benefit I've seen mentioned.
Thanks,
Derek
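
The RFC 2247 mapping quoted in the message above, and the reverse step that takes a dc-style DN back to a DNS name a client can look up, as an added example that is not part of the original post. The `_ldap._tcp` owner name follows the SRV naming of RFC 2782; the function names and sample DNs are assumptions made for illustration.

```python
import re

# One DNS hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def domain_to_dn(domain):
    """RFC 2247 direction: each DNS label becomes one dc= RDN, leftmost first."""
    labels = domain.rstrip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return ",".join(f"dc={label}" for label in labels)

def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside an RDN."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    return rdns

def dn_to_domain(dn):
    """Reverse direction: the trailing run of dc= RDNs spells the DNS name."""
    labels = []
    for rdn in reversed(split_rdns(dn)):
        attr, _, value = rdn.partition("=")
        value = value.strip()
        if attr.strip().lower() != "dc" or not _LABEL.match(value):
            break                        # stop at the first non-dc RDN
        labels.insert(0, value.lower())
    return ".".join(labels) if labels else None

def ldap_srv_name(dn):
    """SRV owner name to query for the LDAP server responsible for this DN."""
    domain = dn_to_domain(dn)
    return f"_ldap._tcp.{domain}" if domain else None   # None: no DNS name in DN
```

An `o=...,c=...` name returns `None` here because nothing in it identifies a DNS zone to query, which is the contrast drawn in the quoted reply.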