INTERNET-DRAFT                                          Kurt D. Zeilenga
Intended Category: Informational                     OpenLDAP Foundation
Expires: 15 March 2002                                   15 October 2001


                      LDAPv2 to Historical Status


Status of Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   This document is intended to be, after appropriate review and
   revision, submitted to the RFC Editor as an Informational document.
   Distribution of this memo is unlimited.  Technical discussion of this
   document will take place on the IETF LDAP Revision Working Group
   (LDAPbis) mailing list .  Please send editorial comments directly to
   the document editor .

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   The list of current Internet-Drafts can be accessed at .  The list
   of Internet-Draft Shadow Directories can be accessed at .

   Copyright 2001, The Internet Society.  All Rights Reserved.

   Please see the Copyright section near the end of this document for
   more information.


Abstract

   This note discusses moving version 2 of the Lightweight Directory
   Access Protocol [LDAPv2] to Historical status.


Zeilenga              LDAPv2 to Historical Status              [Page 1]

INTERNET-DRAFT        draft-zeilenga-ldapv2-00.txt       15 October 2001


Background

   LDAPv2 (Lightweight Directory Access Protocol, version 2) [LDAPv2]
   was published in 1995 as a Draft Standard.  Since publication, a
   number of inadequacies in the specification have been discovered.
   LDAPv3 [LDAPv3] was published in 1997 as a Proposed Standard to
   resolve these inadequacies.  LDAPv3 is currently being revised
   [LDAPbis].

   The LDAPv2 specification is not generally adhered to.
   That is, an independently developed implementation of the
   specification would not interoperate with existing implementations,
   because existing implementations use syntaxes and semantics different
   from those prescribed by the specification.  Below are two examples.

   1) RFC 1777 requires use of the textual string associated with the
      AttributeType in the X.500 Directory standards.  However, most
      implementations use the NAME associated with the AttributeType in
      the LDAPv3 schema [RFC2252].  That is, LDAPv2 requires that the
      organization name attribute be named "organizationName" rather
      than its LDAPv3 short NAME "o", which is what implementations
      actually use.

   2) LDAPv2 implementations do not commonly restrict textual values to
      IA5 and T.61 as required by RFC 1777 and RFC 1778.  Some
      implementations use ISO 8859-1, others use UCS-2, others use
      UTF-8, and some use whatever the local character set happens to
      be.

   LDAPv2 does not provide adequate security features for use on the
   Internet.  LDAPv2 does not provide any mechanism for data integrity
   or confidentiality.  LDAPv2 does not support modern authentication
   mechanisms such as those based on DIGEST-MD5, Kerberos V, and X.509
   public keys.


Recommendation

   Developers should not implement LDAPv2 as specified, as doing so
   would result in an implementation which will not interoperate with
   existing LDAPv2 implementations.  Developers should implement LDAPv3
   instead.

   Deployers should recognize that interoperability issues exist among
   LDAPv2 implementations.  LDAPv3 is the recommended protocol for
   accessing X.500-based directory services.

   As there appear to be no implementations of LDAPv2 as specified, it
   is recommended that RFC 1777, RFC 1778, and RFC 1779 be moved to
   Historical status.


Security Considerations

   The security of the Internet will not be impacted by the retirement
   of LDAPv2.


Acknowledgment

   The author would like to thank the designers of LDAPv2 for their
   contribution to the Internet community.


Author's Address

   Kurt D. Zeilenga
   OpenLDAP Foundation
   Email: Kurt@OpenLDAP.org


References

   [LDAPbis] IETF LDAP Revision (v3) Working Group (LDAPbis), .

   [LDAPv2]  Yeong, W., Howes, T., and S. Kille, "Lightweight Directory
             Access Protocol", RFC 1777, March 1995.

   [LDAPv3]  Wahl, M., Howes, T. and S. Kille, "Lightweight Directory
             Access Protocol (v3)", RFC 2251, December 1997.