idnits 2.17.1 draft-armijo-ldap-locate-00.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 154 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There is 1 instance of too long lines in the document, the longest one being 2 characters in excess of 72. ** There is 1 instance of lines with control characters in the document. == There is 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC 2251' on line 41 -- Looks like a reference, but probably isn't: 'RFC 2247' on line 55 == Unused Reference: '1' is defined on line 114, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 117, but no explicit reference was found in the text == Unused Reference: '4' is defined on line 123, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 126, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2251 (ref. '1') (Obsoleted by RFC 4510, RFC 4511, RFC 4512, RFC 4513) ** Obsolete normative reference: RFC 2255 (ref. '5') (Obsoleted by RFC 4510, RFC 4516) ** Obsolete normative reference: RFC 2052 (ref. '6') (Obsoleted by RFC 2782) Summary: 11 errors (**), 0 flaws (~~), 7 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Michael P. Armijo 2 Levon Esibov 3 June, 1999 Paul Leach 4 Expires: December, 1999 Microsoft Corporation 6 Discovering LDAP Services with DNS 8 Status of this Memo 10 This document is an Internet-Draft and is in full conformance with 11 all provisions of Section 10 of RFC2026. 13 Internet-Drafts are working documents of the Internet Engineering 14 Task Force (IETF), its areas, and its working groups. Note that 15 other groups may also distribute working documents as Internet- 16 Drafts. 18 Internet-Drafts are draft documents valid for a maximum of six months 19 and may be updated, replaced, or obsoleted by other documents at any 20 time. It is inappropriate to use Internet- Drafts as reference 21 material or to cite them other than as "work in progress." 23 The list of current Internet-Drafts can be accessed at 24 http://www.ietf.org/ietf/1id-abstracts.txt 26 The list of Internet-Draft Shadow Directories can be accessed at 27 http://www.ietf.org/shadow.html. 29 Distribution of this memo is unlimited. It is filed as , and expires on December 21, 1999. 31 Please send comments to the authors. 33 1. Abstract 35 This draft defines a way that native Internet LDAP servers can make 36 use of the DNS's knowledge base to provide clients a method to 37 resolve LDAP services for a given domain. 39 2. Introduction 41 The LDAPv3 protocol [RFC 2251] is designed to be a 42 lightweight access protocol for directory services supporting X.500 43 models. This may be the X.500 directory itself, but the LDAP 44 specification explicitly allows it to be a different directory. 45 Let us define a "native LDAP server" to be one that is not a front 46 end to the X.500 directory service. Let us further define an "Internet 47 based organization" as one that has a domain name, and an "Internet 48 LDAP server" to be one containing a directory entries for such an 49 organization. 51 This draft defines a way that native Internet LDAP servers can make 52 use of the DNS's knowledge base to perform the same function, while 53 still supporting integration with the X.500 directory. 55 This draft builds [RFC 2247] to define a mechanism by which collections of 56 native Internet LDAP servers can be integrated to create a directory 57 service. That work supports this cause by defining a mapping from 58 DNS names into LDAP DNs. In an Internet context, many of the names 59 about which users seek information are DNS names, or include DNS names. 60 A native LDAP based directory service for the Internet should make 61 it convenient to process such names -- there is a huge social 62 investment spanning two decades to get to the point where names 63 like "john.doe@somewhere.example" and "http://www.example.net" can 64 appear in newspaper articles, TV commercials, and on billboards 65 and millions of people understand what to do with them. As a result, 66 we assume that Internet based organizations wish to preserve this 67 investment, yet also want to deploy directory services. 69 3. Locating LDAP servers through DNS 71 Ldap server location information is to be stored using DNS SRV record 72 specified in [6]. Such SRV record contains the DNS name of the 73 server that provides the LDAP service, corresponding Port number, and 74 parameters that enable the client to choose an appropriate server 75 according to the algorithm described in [6] in case of multiple 76 LDAP servers, servicing the same domain. The name of this record 77 always has the following format: 79 _Service._Proto.Domain 81 where Service name is always "ldap", Proto is a protocol that can be 82 either "udp" or "tcp", and Domain is the ldap domain that this record 83 refers to. 85 Presense of such records enables clients to find the LDAP servers 86 (that support required protocol in specified domain) using standard 87 DNS query [3]. 88 As an example, a client that searches for an LDAP server in the 89 example.net domain that supports TCP protocol will submit a DNS 90 query for a set of SRV records with owner name _ldap._tcp.example.net. 91 The client will receive the list of SRV records published in DNS that 92 satisfy the requested criteria. The following is an example of such 93 record: 95 _ldap._tcp.example.net. IN SRV 0 0 389 phoenix.example.net. 97 The set of returned records may contain multiple records in case of 98 multiple LDAP servers serving the same domain. Combination with the 99 A resource records, such as 101 phoenix.example.net. IN A 255.255.255.254 103 resolved by DNS, enables clients to directly contact the LDAP servers. 105 4. Security Considerations 107 This document describes a method that uses DNS SRV records to 108 discover LDAP servers. All security considerations related to DNS 109 SRV records are inherited by this document. See the security 110 considerations section in [6] for more details. 112 5. References 114 [1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access 115 Protocol(v3)". RFC 2251, December 1997. 117 [2] S. Kille, M. Wahl, "Using Domains in LDAP/X.500 Distinguished 118 Names". RFC 2247, January 1998. 120 [3] P. Mockapetris, RFC 1034, DOMAIN NAMES - CONCEPTS AND FACILITIES, 121 November, 1987. 123 [4] P. Mockapetris, RFC 1035, DOMAIN NAMES - IMPLEMENTATION AND 124 SPECIFICATION, November, 1987. 126 [5] T. Howes, M. Smith, "The LDAP URL Format". RFC 2255 December 1997. 128 [6] A. Gulbrandsen, P. Vixie, "A DNS RR for specifying the location of 129 services (DNS SRV)". http://www.ietf.org/internet-drafts/draft-ietf- 130 dnsind-rfc2052bis-02.txt, January 1999. 132 6. Authors' Addresses 134 Michael P. Armijo 135 One Microsoft Way 136 Redmond, WA 98052 137 micharm@microsoft.com 139 Paul Leach 140 One Microsoft Way 141 Redmond, WA 98052 142 paulle@microsoft.com 144 Levon Esibov 145 One Microsoft Way 146 Redmond, WA 98052 147 levone@microsoft.com 149 Expires December, 1999