Re: [ldapext] DBIS commentary

"Bannister, Mark" <> Thu, 03 December 2015 10:35 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 87C711B3348 for <>; Thu, 3 Dec 2015 02:35:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T_muvJNCUzk1 for <>; Thu, 3 Dec 2015 02:35:12 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BE1BA1ACDC3 for <>; Thu, 3 Dec 2015 02:35:11 -0800 (PST)
Received: from pimtaint03 ( []) by (output Postfix) with ESMTP id C841A2B344E8 for <>; Thu, 3 Dec 2015 05:35:10 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=p20150724; t=1449138910; x=1450348510; bh=JBa43E50FcePGgivhMmnI5EY2NONsCXsMSBPeQ4urIE=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=PHDYfI1wquVny73uvFHmPPl0khqc+LmJpKgI6+H6+mO2oMnhtiepZ5YGDiR/BsVPG xZp69c6ZxXDWEtJhdM5gbW12itNHRVK20saz+dU4nQdEigcpn2QRQJkWcxtBEwCJIO jtHEhbopu+Q410rVoLDAEYcg0R+69fNaTkVAr1pw=
Received: from ( []) by (internal Postfix) with ESMTP id AF88A2B344C5; Thu, 3 Dec 2015 05:35:10 -0500 (EST)
Received: from ( []) by (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id tB3AZAGp002641; Thu, 3 Dec 2015 10:35:10 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 3 Dec 2015 05:35:09 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 3 Dec 2015 05:35:09 -0500
Received: from ([]) by ([]) with mapi id 14.03.0235.001; Thu, 3 Dec 2015 10:35:08 +0000
From: "Bannister, Mark" <>
To: "'Jordan Brown'" <>
Thread-Topic: DBIS commentary
Date: Thu, 3 Dec 2015 10:35:07 +0000
Message-ID: <>
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-mspolicyagent: version=1.0
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_814F4E458AA9FF4E89CF1A9EDA0DE2A932F90F3AOZWEX0209N2msad_"
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: be3bdf5c-71de-49fb-a1b7-ad6a6a1df5e2
X-EXCLAIMER-MD-CONFIG: f2a46809-d95e-4647-8996-91897c738879
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: not scanned, disabled by settings
X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server, version, bases: 2015/12/03 04:23:00 #6678499; khse: 2014-03-12 13:55:01
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <>
Cc: "''" <>
Subject: Re: [ldapext] DBIS commentary
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: LDAP Extension Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Dec 2015 10:35:14 -0000

Jordan Brown wrote:

> > On 12/2/2015 12:59 AM, Bannister, Mark wrote:

> > Jordan Brown wrote:

> > > Do note again that RFC 4876 mapping would let you redirect the clients to use a custom

> > > case-sensitive attribute, or attributes from different auxiliary classes.

> >

> > I should really have made it clear that DBIS supersedes RFC 4876, and introduces more

> > powerful mapping constructs.  With DBIS, you can support an RFC2307 schema (case

> > insensitive) and the DBIS schema (case sensitive) from the same client if you so choose,

> > and at several levels.  You could have groups of hosts with case sensitive maps vs. groups

> > of host with case insensitive maps.  You could have a host where some maps are case

> > sensitive and some are not.  You can even have parts of a map provided via one schema

> > and parts from another, i.e. case sensitivity for some entries and insensitivity for others

> > if that’s really what you wished to do.  If you use DBIS, you certainly have no need to

> > use RFC 4876.

> >

> Ah, indeed.  So if there were case-sensitive and case-insensitive attributes available (presumably in different auxiliary classes), you could use > those mapping constructs to choose the non-default variation.


> It doesn't look like you've got 4876 completely covered, though.  Attribute mapping is only one of the things it does - it also tells the clients which > servers to connect to and what authentication schemes to use.  If you're replacing 4876, there should be a plan for replacing that capability.

Yes I’ve not quite understood that.  You need to configure the client to talk to an LDAP server, in order

to obtain a profile that tells it to talk to a different LDAP server instead.  Why would you not just

configure the client to talk to the correct LDAP server in the first place?  Please explain the use-case.

> > Jordan Brown wrote:

> > > Mark Bannister wrote:

> > > > Btw, what was your plan for case sensitivity in filesystems?

> > >

> > > Baby steps :-)

> > >

> > > I do think that that's inevitable too, just not as soon as user names

> >

> > Wow.  Good luck with that.  (Boiling oceans comes to mind).


> I work in name services, not file systems, so it's not an active project.  I just think it'll happen eventually, that

> interoperability with Windows will force it.

I found an interesting discussion on this very subject:



NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies; do not disclose, use or act upon the information; and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.