Internet-Draft                                               Ryan Moats
draft-moats-finding-00.txt                                         AT&T
Expires in six months                                    September 1997

                        How to find LDAP servers

                  Filename: draft-moats-finding-00.txt

Status of This Memo

This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or ftp.isi.edu (US West Coast).

Abstract

This document discusses methods available for LDAP server discovery and advertisement based on previous IETF and ongoing IETF work.

1. Introduction

The Lightweight Directory Access Protocol (LDAP) [1] can be used to build "islands" of servers that are not a priori tied into a single Directory Information Tree (DIT). In this case, it is necessary to determine how a client can discover an LDAP server and how LDAP servers can discover each other's existence. This document discusses the methods available based on current and previous IETF work.

2. Server Discovery of Other Servers

An LDAP server discovers other LDAP servers either by using a proposed naming scheme together with the DNS, or by using an additional server-to-server indexing protocol. Once a server discovers other servers, it can collect information for returning LDAP v3 referrals to clients.

Expires 3/31/98 [Page 1]

2.1. Discovery via DNS

An LDAP server may either be registered using SRV records [2] or, if it uses the "dc-naming" scheme [3], it can attempt to find the server managing its parent node by using DNS to look for the LDAP server of the parent domain. Additionally, an LDAP server may be named using a common alias as described in [4].

As an example, a server in domain foo.bar.com would first look for an SRV record for ldap.tcp.foo.bar.com, then for an SRV record for ldap.tcp.bar.com. If no SRV records were found, the server would follow [4] by looking for ldap.foo.bar.com and, lastly, for ldap.bar.com.

2.2. Discovery via the Common Indexing Protocol [5], [6]

Independent of which DIT we are managing, LDAP servers could export index information about their portion of the tree via the Common Indexing Protocol. This requires some a priori discovery and set-up of the index mesh.

3. Client Discovery of LDAP Servers

To discover an LDAP server, clients should follow the sequence of steps specified in [7] with the target service being LDAP. Alternatively, a client that supports DHCP may use the DHCP extension for LDAP server location as specified in [8].

4. Security Considerations

Since this draft only summarizes available methods, it adds no security considerations beyond those inherent in the referenced documents. Implementors are strongly recommended to read and follow the security considerations provided in the referenced documents.

5. Acknowledgments

Many thanks to the members of the LSD working group for their contributions to previous drafts. The work described in this document is partially supported by the National Science Foundation, Cooperative Agreement NCR-9218179.

6. References

Request For Comments (RFC) and Internet-Draft documents are available from and numerous mirror sites.

[1] W. Yeong, T. Howes, S. Kille, "Lightweight Directory Access Protocol," RFC 1777, March 1995.

[2] A. Gulbrandsen, P. Vixie, "A DNS RR for specifying the location of services (DNS SRV)," RFC 2052, October 1996.

[3] S. Kille, S. Sataluri, A. Grimstad, "Naming Plan for an Internet Directory Service," Work in Progress, March 19, 1997.

[4] M. Hamilton, R. Wright, "Use of DNS Aliases for Network Services," Work in Progress, August 1997.

[5] M. Mealling, J. Allen, "MIME Object Definitions for the Common Indexing Protocol (CIP)," Work in Progress, June 11, 1997.

[6] M. Mealling, J. Allen, "The Architecture of the Common Indexing Protocol (CIP)," Work in Progress, June 11, 1997.

[7] R. Moats, M. Hamilton, P. Leach, "Finding Stuff (How to discover services)," Work in Progress, June 1997.

[8] L. Hedstrom, L. Howard, "DHCP Options for Locating LDAP Servers," Work in Progress, July 1997.

7. Author's Address

Ryan Moats
AT&T
15621 Drexel Circle
Omaha, NE 68135-2358
USA

Phone: +1 402 894-9456
EMail: jayhawk@att.com
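The DNS discovery sequence of section 2.1 (SRV records for ldap.tcp.<domain> walking up from the server's own domain, then the ldap.<domain> alias convention of [4]) is shown below as an added example; it is not code from the draft or from any of the referenced documents. The DNS is replaced by an in-memory stub so the example runs offline: the zone data, the host names dir1.bar.com, dir2.bar.com and dir.baz.com, and the functions parent_domains and find_ldap_servers are all constructed for this example. The draft's worked case stops at bar.com; this version generalizes that walk to every parent short of the bare top-level label.

```python
"""Server-side LDAP discovery over the DNS, following section 2.1 of the draft.

Added example, not code from the draft. The DNS is replaced by an in-memory
stub so the example runs offline; the zone data below is constructed.
Names use the RFC 2052 spelling the draft uses (ldap.tcp.<domain>, no
underscores).
"""
from typing import Callable, Dict, List, Optional, Tuple

# One SRV record as (priority, weight, port, target), the RFC 2052 field order.
SrvRecord = Tuple[int, int, int, str]
# Discovery result: (method, name that answered, [(host, port), ...]).
Result = Tuple[str, Optional[str], List[Tuple[str, int]]]

LDAP_DEFAULT_PORT = 389

# Constructed stand-in for the DNS (hypothetical names, not real hosts).
STUB_SRV: Dict[str, List[SrvRecord]] = {
    "ldap.tcp.bar.com": [(20, 0, 389, "dir2.bar.com"),
                         (10, 0, 389, "dir1.bar.com")],
}
STUB_ALIAS: Dict[str, str] = {
    "ldap.baz.com": "dir.baz.com",
}


def stub_srv_lookup(name: str) -> List[SrvRecord]:
    """Stand-in for an SRV query against the constructed zone."""
    return list(STUB_SRV.get(name.lower(), []))


def stub_alias_lookup(name: str) -> Optional[str]:
    """Stand-in for resolving the ldap.<domain> alias of [4]."""
    return STUB_ALIAS.get(name.lower())


def parent_domains(domain: str) -> List[str]:
    """foo.bar.com -> ['foo.bar.com', 'bar.com'].

    The draft's walk stops at bar.com; this generalizes it to stop before
    the bare top-level label for any depth of domain.
    """
    labels = domain.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_ldap_servers(
    domain: str,
    srv_lookup: Callable[[str], List[SrvRecord]] = stub_srv_lookup,
    alias_lookup: Callable[[str], Optional[str]] = stub_alias_lookup,
) -> Result:
    """Run the section 2.1 sequence for a server living in `domain`.

    Step 1: SRV records for ldap.tcp.<domain>, most specific domain first.
    Step 2: only if no SRV record exists anywhere on the path, the
            ldap.<domain> alias convention of [4], again most specific first.
    Plain DNS answers are unauthenticated, so the caller still has to
    verify the server it is handed before trusting referrals from it.
    """
    candidates = parent_domains(domain)
    for d in candidates:
        name = "ldap.tcp." + d
        records = srv_lookup(name)
        if records:
            # RFC 2052: lower priority first; within one priority, weight
            # drives a weighted random choice. Sorting by weight here is a
            # deterministic simplification of that selection.
            ordered = sorted(records, key=lambda r: (r[0], -r[1]))
            return ("srv", name, [(r[3], r[2]) for r in ordered])
    for d in candidates:
        name = "ldap." + d
        target = alias_lookup(name)
        if target:
            return ("alias", name, [(target, LDAP_DEFAULT_PORT)])
    return ("none", None, [])


if __name__ == "__main__":
    for dom in ("foo.bar.com", "x.baz.com", "example.org"):
        print(dom, "->", find_ldap_servers(dom))
```

With the constructed zone, a server in foo.bar.com finds no SRV record at its own level and falls through to ldap.tcp.bar.com, which answers with dir1.bar.com (priority 10) ahead of dir2.bar.com (priority 20); a server in x.baz.com finds no SRV records at all and is only located through the ldap.baz.com alias; example.org has neither and yields no server. To use it against real DNS, pass resolver-backed functions for srv_lookup and alias_lookup.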