John Lewis wrote:
> I am reading in the LDAP spec https://tools.ietf.org/html/rfc4511 about
> naming contexts and I am looking at my RootDSE.
>
> Since my DIT mirrors DNS https://tools.ietf.org/html/rfc2247, there must
> be some way to route someone to the correct naming context based on the
> DNS they were using to access the LDAP server, otherwise I just don't
> understand the spec.

https://tools.ietf.org/html/rfc2782

Note:
1. If you're using TLS there's AFAIK no specification how to implement the
TLS hostname check (see https://tools.ietf.org/html/rfc6125) to prevent
MITM attacks.
2. You still need a-priori configuration how the client should
authenticate to the directory.

Ciao, Michael.
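The lookup the thread points to, as an added example that is not part of the original messages: it maps a DN's dc= suffix to a DNS domain (RFC 2247), builds the `_ldap._tcp` SRV query name and orders a set of SRV answers as RFC 2782 describes. The `Srv` type, the function names and the sample records are hypothetical and constructed here; the DNS query itself is left to a resolver.

```python
import random
from collections import namedtuple

# Hypothetical record type; a resolver library would supply these fields.
Srv = namedtuple("Srv", "priority weight port target")

def dn_to_domain(dn):
    """RFC 2247: read the trailing dc= RDNs of a DN as a DNS domain."""
    labels = []
    for rdn in reversed(dn.split(",")):  # assumption: no escaped commas
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc":
            break
        labels.insert(0, value.strip())
    if not labels:
        raise ValueError("DN has no dc= suffix")
    return ".".join(labels)

def order_srv(records, rng=random):
    """RFC 2782: lowest priority first, weighted random choice within one."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)  # weight 0 goes first
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def plan(dn, records, rng=random):
    domain = dn_to_domain(dn)
    return {
        "query": "_ldap._tcp." + domain,  # name to ask the resolver for
        # The candidates below come from the DNS answer. A certificate that
        # matches only a target name says nothing about source_domain unless
        # that answer was authenticated (for example by DNSSEC).
        "source_domain": domain,
        "candidates": [(r.target.rstrip("."), r.port)
                       for r in order_srv(records, rng)],
    }

# Constructed sample SRV answer for _ldap._tcp.example.com
SAMPLE = [Srv(10, 60, 389, "ldap2.example.com."),
          Srv(0, 0, 389, "ldap1.example.com."),
          Srv(10, 40, 636, "ldap3.example.com.")]
```
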