idnits 2.17.1

draft-moats-finding-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.
     Expected boilerplate is as follows today (2024-04-26) according to
     https://trustee.ietf.org/license-info :

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:

        This Internet-Draft is submitted in full conformance with the
        provisions of BCP 78 and BCP 79.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:

        Copyright (c) 2024 IETF Trust and the persons identified as the
        document authors. All rights reserved.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:

        This document is subject to BCP 78 and the IETF Trust's Legal
        Provisions Relating to IETF Documents
        (https://trustee.ietf.org/license-info) in effect on the date of
        publication of this document. Please review these documents
        carefully, as they describe your rights and restrictions with respect
        to this document. Code Components extracted from this document must
        include Simplified BSD License text as described in Section 4.e of
        the Trust Legal Provisions and are provided without warranty as
        described in the Simplified BSD License.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date. The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts.

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 3
     longer pages, the longest (page 2) being 60 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  == There are 4 instances of lines with non-RFC2606-compliant FQDNs in the
     document.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 1997) is 9720 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 1777 (ref. '1') (Obsoleted by RFC 3494)

  ** Obsolete normative reference: RFC 2052 (ref. '2') (Obsoleted by RFC 2782)

  -- Possible downref: Non-RFC (?) normative reference: ref. '3'

  -- Possible downref: Non-RFC (?) normative reference: ref. '4'

  -- Possible downref: Non-RFC (?) normative reference: ref. '5'

  -- Possible downref: Non-RFC (?) normative reference: ref. '6'

  -- Possible downref: Non-RFC (?) normative reference: ref. '7'

  -- Possible downref: Non-RFC (?) normative reference: ref. '8'

  -- Possible downref: Non-RFC (?) normative reference: ref. '9'

  -- Possible downref: Non-RFC (?) normative reference: ref. '10'

     Summary: 10 errors (**), 0 flaws (~~), 3 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet-Draft                                               Ryan Moats
draft-moats-finding-01.txt                                         AT&T
Expires in six months                                    September 1997

                      How to find LDAP Servers
                Filename: draft-moats-finding-01.txt

Status of This Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its
   areas, and its working groups. Note that other groups may also
   distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as ``work in
   progress.''

   To learn the current status of any Internet-Draft, please check
   the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
   Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net
   (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
   Coast), or ftp.isi.edu (US West Coast).

Abstract

   This document discusses methods available for LDAP server discovery
   and advertisement based on previous IETF and ongoing IETF work.

1. Introduction

   The Lightweight Directory Access Protocol (LDAP) [1] can be used to
   build "islands" of servers that are not a priori tied into a single
   Directory Information Tree (DIT). Here, it is necessary to determine
   how a client can discover LDAP servers and how LDAP servers can
   discover each other's existence. This document discusses the methods
   available based on current and previous IETF work.

2. Server Discovery of Other Servers

   An LDAP server discovers other LDAP servers by either using a
   proposed naming scheme and the DNS or by using an additional
   server-to-server indexing protocol. Once a server discovers other
   servers, it can collect information for returning LDAP v3 referrals
   (as LDAP URLs) to clients.

2.1. Discovery via DNS

   An LDAP server may either be registered using SRV records [2] or, if
   the server uses the "dc-naming" scheme ([3, 4]), it can attempt to
   find the server managing its parent node by using DNS to look for the
   LDAP server for the parent domain. Additionally, an LDAP server may
   be named using a common alias as described in [5]. In either case,
   it is necessary to include information about the root of the LDAP
   server's subtree by using DNS TXT records as discussed in [6].

   As an example, consider a server with the RDN "dc=foo,dc=bar,dc=com"
   (i.e. in domain foo.bar.com). To find its parent server, it would
   first look for a SRV record for ldap.tcp.bar.com and then follow [5]
   by looking for ldap.bar.com. If any of these records were found, it
   would then look for a TXT record for the same domain to determine the
   root of its parent server's sub-tree.

2.2. Discovery via the Common Indexing Protocol [7, 8]

   Independent of what DIT is being managed, LDAP servers could export
   index information about their portion of the tree via the Common
   Indexing Protocol.
   This requires some a priori discovery and set up of the index mesh
   and the inclusion of the root DN of the server's portion of the tree
   in the exported index information.

3. Client Discovery of LDAP Servers

   To discover LDAP servers, clients should follow the sequence of steps
   specified in [9] (which uses DNS and the service location protocol)
   with the target service being LDAP. If a DNS record is found for a
   name that begins with ldap (i.e. ldap.tcp.foo.com or ldap.foo.com) a
   further DNS lookup for a TXT record under that name would return the
   root of that server's subtree. If a client supports DHCP, it may
   use the DHCP extension specified in [10] to locate LDAP servers.

   Alternatively, LDAP clients may have a list of preconfigured LDAP
   servers included with them that a user can select from. Here, some
   of the servers in the preconfigured list might provide the
   functionality described in this document, to allow for simpler
   clients.

4. Security Considerations

   Since this draft only summarizes available methods, it adds no
   additional security considerations to those inherent in the
   referenced documents. Implementors are strongly recommended to read
   and follow the security considerations provided in the referenced
   documents.

5. Acknowledgments

   Many thanks to the members of the LSD working group, for their
   contributions to previous drafts. The work described in this document
   is partially supported by the National Science Foundation,
   Cooperative Agreement NCR-9218179.

6. References

   Request For Comments (RFC) and Internet Drafts documents are
   available from and numerous mirror sites.

   [1]   W. Yeong, T. Howes, S. Kille, "Lightweight Directory
         Access Protocol," RFC 1777, March 1995.

   [2]   A. Gulbrandsen, P. Vixie, "A DNS RR for specifying
         the location of services (DNS SRV)," RFC 2052,
         October 1996.

   [3]   A. Grimstad et al., "Naming Plan for an Internet
         Directory Service," Internet Draft (work in
         progress), March 19, 1997.

   [4]   S. Kille et al., "Using Domains in LDAP
         Distinguished Names," Internet Draft (work in
         progress), August 1997.

   [5]   M. Hamilton, R. Wright, "Use of DNS Aliases for
         Network Services," Internet Draft (work in
         progress), August, 1997.

   [6]   R. Moats, M. Hamilton, "Advertising Services,"
         Internet Draft (work in progress), June 1997.

   [7]   M. Mealling, J. Allen, "MIME Object Definitions for
         the Common Indexing Protocol (CIP)," Internet Draft
         (work in progress), June 11, 1997.

   [8]   M. Mealling, J. Allen, "The Architecture of the
         Common Indexing Protocol (CIP)," Internet Draft
         (work in progress), June 11, 1997.

   [9]   R. Moats, M. Hamilton, P. Leach, "Finding Stuff
         (How to discover services)," Internet Draft (work
         in progress), June 1997.

   [10]  L. Hedstrom, L. Howard, "DHCP Options for Locating
         LDAP Servers," Internet Draft (work in progress),
         July 1997.

7. Author's address

   Ryan Moats
   AT&T
   15621 Drexel Circle
   Omaha, NE 68135-2358
   USA

   Phone:  +1 402 894-9456
   EMail:  jayhawk@att.com
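
The parent-server lookup of section 2.1, with the TXT follow-up that section 3 repeats for clients, as an added example that is not part of the draft or of any referenced document. The function names, the dict-based `lookup` resolver, the sample zone and the use of an "A" query for the alias name are assumptions made for illustration; the TXT payload format is defined in [6] and is treated as opaque.

```python
# Added illustration of the lookup order in section 2.1; not code from the draft.
# DNS is modelled as a dict keyed by (name, rrtype) so the block runs offline.

def domain_from_dn(dn):
    """Map a dc-named entry ("dc=foo,dc=bar,dc=com") to its domain ("foo.bar.com")."""
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() != "dc" or not value:
            raise ValueError("not a dc-named entry: %r" % dn)
        labels.append(value.lower())
    return ".".join(labels)

def parent_domain(domain):
    """Drop the leftmost label; None when nothing is left above it."""
    _, _, parent = domain.partition(".")
    return parent or None

def candidate_queries(domain):
    """SRV name first, then the common alias of [5] (rrtype "A" is an assumption)."""
    return [("ldap.tcp." + domain, "SRV"), ("ldap." + domain, "A")]

def find_parent_server(dn, lookup):
    """Return (name, rrtype, answer, subtree_root) for the parent's server, or None.

    lookup(name, rrtype) must return a list of answers, empty when none exist.
    """
    parent = parent_domain(domain_from_dn(dn))
    if parent is None:
        return None
    for name, rrtype in candidate_queries(parent):
        answers = lookup(name, rrtype)
        if answers:
            # A hit is followed by a TXT query on the same name for the subtree
            # root; its format is defined in [6], so it is passed through opaque.
            txt = lookup(name, "TXT")
            return (name, rrtype, answers[0], txt[0] if txt else None)
    return None

# Constructed sample zone: only the alias exists for bar.com.
ZONE = {
    ("ldap.bar.com", "A"): ["192.0.2.10"],
    ("ldap.bar.com", "TXT"): ["<subtree root, format per [6]>"],
}

def lookup(name, rrtype):
    return ZONE.get((name, rrtype), [])

if __name__ == "__main__":
    print(find_parent_server("dc=foo,dc=bar,dc=com", lookup))
```
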