Internet-Draft                                              Ryan Moats
draft-ietf-lsd-server-finding-01.txt                              AT&T
Expires in six months                                     January 1998

               LDAP Servers Finding Other LDAP Servers
            Filename: draft-ietf-lsd-server-finding-01.txt

Status of This Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in
   progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Abstract

   This document discusses methods available for an LDAP server to
   discover other LDAP servers.  It is based on previous and ongoing
   IETF work.

1. Introduction

   The Lightweight Directory Access Protocol (LDAP) [1] can be used to
   build "islands" of servers that are not a priori tied into a single
   Directory Information Tree (DIT).  It is therefore necessary to
   determine how an LDAP server can discover the existence of other
   LDAP servers.  This document discusses the methods available based
   on current and previous IETF work.

2. Server Discovery of Other Servers

   An LDAP server may always have a list of other servers configured
   into it by an administrator.  Additionally, an LDAP server can
   discover other LDAP servers by using a proposed naming scheme
   together with the DNS, by using an additional server-to-server
   indexing protocol, or by using the Service Location Protocol [2].
   Once a server discovers other servers, it can collect the
   information needed to return LDAP v3 referrals (as LDAP URLs) to
   clients.

2.1. Discovery via DNS

   An LDAP server may either be registered using SRV records [3] or,
   if the server uses the "dc-naming" scheme ([4, 5]), it can attempt
   to find the server managing its parent node by using DNS to look
   for the LDAP server of the parent domain.  Additionally, an LDAP
   server may be named using a common alias as described in [6].
   In either case, it is necessary to publish the root of the LDAP
   server's subtree by using DNS TXT records as discussed in [7].

   As an example, consider a server whose subtree root is the DN
   "dc=foo,dc=bar,dc=com" (i.e. the server for domain foo.bar.com) and
   the following DNS RRs:

      ldap.tcp.bar.com   SRV 0 0 389 ldap1.bar.com

      ldap1.bar.com      A   100.100.100.100
      ldap1.bar.com      TXT "service:wp:ldap://ldap1.bar.com:389/o=foo,c=us"

   To find its parent server, it would first look for an SRV record
   for ldap.tcp.bar.com and then, following [6], look for
   ldap.bar.com.  In this case the lookup for ldap.tcp.bar.com
   provides an SRV record pointing at ldap1.bar.com.  Once an A record
   for the parent server is found, the server then looks for a TXT
   record for the same FQDN (here ldap1.bar.com) to determine the root
   of its parent server's subtree.

   Because of limitations in the size of a DNS response, each TXT
   record should contain only one URL.  If multiple URLs are to be
   specified, multiple TXT records should be used, and the client is
   responsible for choosing between them (there is no way to express a
   preference between TXT records in DNS).

2.2. Discovery via the Common Indexing Protocol [8, 9]

   Independent of what DIT is being managed, LDAP servers could export
   index information about their portion of the tree via the Common
   Indexing Protocol.  This requires some a priori discovery and setup
   of the index mesh, and the inclusion of the root DN of the server's
   portion of the tree in the exported index information.

2.3. Discovery via the Service Location Protocol

   It is also possible for an LDAP server to discover other LDAP
   servers via the Service Location Protocol (SRVLOC) through use of
   the proposed "wp" and "yp" abstract service types [10].
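   The SRVLOC advertisements described here carry the same
   "service:wp:ldap://host:port/DN" URL form [10] as the TXT records of
   Section 2.1.  The following Python program works through the
   Section 2.1 lookup sequence (SRV record for the parent domain, A
   record for the SRV target, TXT records for that same FQDN, one URL
   each) and turns the result into candidate referral URLs.  It is an
   added example, not code from the draft or from any LDAP
   implementation.  The zone it queries is constructed inline and
   extends the draft's example with a second, lower-priority SRV target
   and a second TXT record so that SRV priority ordering and the
   "multiple TXT records, client chooses" rule are exercised; the
   addresses are from the RFC 5737 documentation range.  Two choices
   are this example's own, not the draft's: the alias lookup of [6] is
   treated as a fallback used only when no SRV record exists, and the
   strict_host check, which drops any TXT URL whose host differs from
   the FQDN the record was fetched from, is an added safeguard.

```python
"""Section 2.1 lookup of draft-ietf-lsd-server-finding-01, worked
through offline against a constructed zone (added example)."""
import random
from urllib.parse import urlsplit, unquote

# Constructed zone.  Owner name "ldap.tcp.bar.com" follows RFC 2052 as
# cited by the draft; RFC 2782, which obsoleted it, writes the labels as
# "_ldap._tcp".  The second SRV target and second TXT record are
# additions to the draft's example; addresses are RFC 5737 ones.
ZONE = {
    "ldap.tcp.bar.com": [
        ("SRV", (0, 0, 389, "ldap1.bar.com")),
        ("SRV", (10, 0, 389, "ldap2.bar.com")),
    ],
    "ldap1.bar.com": [
        ("A", "192.0.2.10"),
        ("TXT", "service:wp:ldap://ldap1.bar.com:389/o=foo,c=us"),
        ("TXT", "service:wp:ldap://ldap1.bar.com:636/o=foo,c=us"),
    ],
    "ldap2.bar.com": [
        ("A", "192.0.2.11"),
        ("TXT", "service:wp:ldap://ldap2.bar.com:389/o=foo,c=us"),
    ],
}


def lookup(zone, name, rtype):
    """All rdata of type rtype at name (names compared case-insensitively)."""
    name = name.rstrip(".").lower()
    return [rdata for rt, rdata in zone.get(name, []) if rt == rtype]


def domain_of_dc_dn(dn):
    """Map a dc-naming DN such as "dc=foo,dc=bar,dc=com" to "foo.bar.com".
    Only dc= components count; a DN without any is rejected."""
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if sep and attr.strip().lower() == "dc":
            labels.append(value.strip())
    if not labels:
        raise ValueError("not a dc-naming DN: %r" % dn)
    return ".".join(labels)


def parent_domain(domain):
    """Drop the leftmost label; None when there is no parent."""
    _head, sep, rest = domain.partition(".")
    return rest if sep else None


def order_srv(rrs, rng=None):
    """Order SRV rdata (priority, weight, port, target): lowest priority
    first, weighted random order within one priority as in RFC 2782."""
    rng = rng or random.Random(0)  # seeded so the example is repeatable
    by_priority = {}
    for rr in rrs:
        by_priority.setdefault(rr[0], []).append(rr)
    ordered = []
    for prio in sorted(by_priority):
        group = list(by_priority[prio])
        while group:
            pick = rng.randint(0, sum(rr[1] for rr in group))
            running = 0
            for rr in group:
                running += rr[1]
                if running >= pick:
                    ordered.append(rr)
                    group.remove(rr)
                    break
    return ordered


def parse_wp_url(txt):
    """Parse "service:wp:ldap://host:port/DN" into
    (ldap_url, host, port, root_dn); None if the TXT value is not one."""
    prefix = "service:wp:"
    if not txt.lower().startswith(prefix):
        return None
    url = txt[len(prefix):]
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("ldap", "ldaps") or not parts.hostname:
        return None
    return url, parts.hostname, parts.port or 389, unquote(parts.path.lstrip("/"))


def find_parent_server(dn, zone, rng=None, strict_host=True):
    """Return candidate referrals for the parent of the server holding dn,
    one per TXT record, in SRV preference order."""
    parent = parent_domain(domain_of_dc_dn(dn))
    if parent is None:
        return []
    # Step 1: SRV lookup [3]; a target of "." means "service not available".
    targets = [(rr[3], rr[2])
               for rr in order_srv(lookup(zone, "ldap.tcp." + parent, "SRV"), rng)
               if rr[3] != "."]
    if not targets and lookup(zone, "ldap." + parent, "A"):
        targets = [("ldap." + parent, 389)]  # alias of [6], used as fallback here
    referrals = []
    for host, _srv_port in targets:
        if not lookup(zone, host, "A"):  # Step 2: target must resolve
            continue
        for txt in lookup(zone, host, "TXT"):  # Step 3: one URL per TXT RR
            parsed = parse_wp_url(txt)
            if parsed is None:
                continue
            url, url_host, port, root_dn = parsed
            if strict_host and url_host != host.rstrip(".").lower():
                continue  # added check: TXT may not redirect to another host
            referrals.append({"url": url, "host": url_host, "port": port,
                              "root_dn": root_dn})
    return referrals


if __name__ == "__main__":
    for r in find_parent_server("dc=foo,dc=bar,dc=com", ZONE):
        print("%-42s root DN: %s" % (r["url"], r["root_dn"]))
```

   Run as-is, the program lists three referral candidates: both URLs
   advertised for ldap1.bar.com (priority 0) before the one for
   ldap2.bar.com (priority 10).  The caller still has to choose among
   TXT records at the same host, since DNS gives them no preference.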
   To advertise an LDAP server, the administrator would register the
   LDAP server under SRVLOC, including the server's DN as part of the
   attributes of the service.

   An LDAP server would then issue a request and receive URL
   information about advertised LDAP servers and what portions of the
   DIT they serve.

3. Security Considerations

   Since this draft only summarizes available methods, it adds no
   security considerations beyond those inherent in the referenced
   documents.  Note in particular that the SRV, A and TXT answers on
   which Section 2.1 relies are not authenticated unless DNS itself is
   secured, so a server that turns them into referrals passes on
   whatever a spoofed or poisoned answer contained.  Implementors are
   strongly recommended to read and follow the security considerations
   provided in the referenced documents.

4. Acknowledgments

   Many thanks to the members of the LSD working group for their
   contributions to previous drafts.  The work described in this
   document is partially supported by the National Science Foundation,
   Cooperative Agreement NCR-9218179.

5. References

   Request For Comments (RFC) and Internet-Draft documents are
   available from and numerous mirror sites.

   [1]  W. Yeong, T. Howes, S. Kille, "Lightweight Directory Access
        Protocol," RFC 1777, March 1995.

   [2]  J. Veizades, E. Guttman, C. Perkins, S. Kaplan, "Service
        Location Protocol," RFC 2165, June 1997.

   [3]  A. Gulbrandsen, P. Vixie, "A DNS RR for specifying the location
        of services (DNS SRV)," RFC 2052, October 1996.

   [4]  A. Grimstad et al., "Naming Plan for an Internet Directory
        Service," Internet Draft (work in progress), March 19, 1997.

   [5]  S. Kille et al., "Using Domains in LDAP Distinguished Names,"
        Internet Draft (work in progress), August 1997.

   [6]  M. Hamilton, R. Wright, "Use of DNS Aliases for Network
        Services," RFC 2219 (also BCP 17), October 1997.

   [7]  R. Moats, M. Hamilton, "Advertising Services," Internet Draft
        (work in progress), June 1997.

   [8]  M. Mealling, J. Allen, "MIME Object Definitions for the Common
        Indexing Protocol (CIP)," Internet Draft (work in progress),
        June 11, 1997.

   [9]  M. Mealling, J. Allen, "The Architecture of the Common Indexing
        Protocol (CIP)," Internet Draft (work in progress), June 11,
        1997.

   [10] R. Moats, "The 'wp' and 'yp' Abstract Service Types," Internet
        Draft (work in progress), January 1998.

6. Author's Address

   Ryan Moats
   AT&T
   15621 Drexel Circle
   Omaha, NE 68135-2358
   USA

   Phone: +1 402 894-9456
   EMail: jayhawk@att.com