Re: [ldapext] A more radical approach to 2307

Michael Ströder <> Fri, 04 December 2015 20:09 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A42B91A0032 for <>; Fri, 4 Dec 2015 12:09:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 04vqBrRaa232 for <>; Fri, 4 Dec 2015 12:09:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1199F1A0022 for <>; Fri, 4 Dec 2015 12:09:53 -0800 (PST)
Received: from srv4.stroeder.local (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.stroeder.local", Issuer " Server CA no. 2009-07" (verified OK)) by (Postfix) with ESMTPS id C86431CF3A; Fri, 4 Dec 2015 20:09:50 +0000 (UTC)
Received: from nb2.stroeder.local (nb2.stroeder.local []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by srv4.stroeder.local (Postfix) with ESMTPS id C91F21D662; Fri, 4 Dec 2015 20:09:48 +0000 (UTC)
To: Andrew Findlay <>,
References: <>
From: Michael Ströder <>
X-Enigmail-Draft-Status: N1110
Message-ID: <>
Date: Fri, 04 Dec 2015 21:09:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 SeaMonkey/2.39
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms070208060604070703040500"
Archived-At: <>
Subject: Re: [ldapext] A more radical approach to 2307
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: LDAP Extension Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2015 20:09:56 -0000

Andrew Findlay wrote:
> RFC2307, 2307bis and DBIS all start from the NIS/YP/files-in-etc model
> and represent the data in LDAP with varying degrees of fidelity.
> Is this actually a good idea? I rather think not.

Yepp. RFC 2307bis should be splitted.

> The resulting set of attributes and classes would be *much* smaller than
> the 2307 set. Some whole categories could just vanish, e.g.:
> 	All the shadow password stuff (draft-behera is difficult enough
> 	and we don't need to duplicate its function on the client side)

Yes, 'shadowAccount' is already regarded deprecated.

> 	memberUid (we really *dont* need a POSIX-specific way to
> 	represent groups, and the syntax of memberUid does not even
> 	match that of uid)

That's the only thing we might want to consider to keep because of
backwards-compability to existing client implementations.

> 	Most of the less-used NIS-map attributes and classes could be
> 	hived off into separate documents, or even dumped in favour of a
> 	generic structural lookup table with explicit case ignore/case
> 	sensitive semantics.

It might be worth to preserve some of the stuff but really in a separate generic

Ciao, Michael.