SLUG Mailing List Archives
Re: WAS: RE: [SLUG] Invalid credentials error code 49
- To: Philip Greggs <png320@xxxxxxxxx>
- Subject: Re: WAS: RE: [SLUG] Invalid credentials error code 49
- From: Benno <benjl@xxxxxxxxxxxxxxx>
- Date: Sun, 23 Apr 2006 16:14:45 +1000
- Cc: slug@xxxxxxxxxxx
- User-agent: Mutt/1.5.11+cvs20060126
On Sun Apr 23, 2006 at 14:33:57 +1000, Philip Greggs wrote:
>On 4/23/06, Benno <benjl@xxxxxxxxxxxxxxx> wrote:
>> On Sat Apr 22, 2006 at 09:09:30 +1000, Philip Greggs wrote:
>> >On 4/21/06, Benno <benjl@xxxxxxxxxxxxxxx> wrote:
>> >> On Fri Apr 21, 2006 at 20:24:10 +1000, Philip Greggs wrote:
>> Ok, to actually clarify the confusion... (hopefully). DNS is used in ldap
>> at the network layer to determine how to contact the server.
>In simple words ldap needs DNS for it to be contacted by ldap clients
>like 'ldapadd', 'ldapsearch', etc.
Err, I'm not sure that your use of "ldap" in the above makes sense. To rephrase:
ldap clients like 'ldapadd', 'ldapsearch' may use DNS when contacting an
>> DNS is not used by the server, and the base DN is not related to DNS, and
>> you are free to set that to whatever. (Which is what brought this up in the
>> first place.)
>You'll have to check IETF RFC 3663 before you bring more confusions, which
>says in part and I quote:
I don't understand what you are trying to say here. I am aware of the
acronym expansions and the meaning of the terms and my previous
statement stands as is.
Specifically, the base DN, that is, the root of an information hierarchy,
could be related to a server's DNS record, or, equally it could be
totally unrelated, or confusingly it could be related to a different
organisation's domain name.
For example, some base DNs could be: (taken from
(base DN in X.500 format)
(base DN derived from the company's Internet presence)
(base DN derived from the company's DNS domain components)
The important thing that was being said when someone else in this
thread mentioned DNS and distinguished names, was that the ldap server
doesn't imply any information about domain names. (Although I guess it
wouldn't be unreasonable for it to imply this as dc stands for domain
component). In any case, there is no problem for my LDAP server,
whether connected to the internet or not, to store information about a
distinguished name 'dc=example,dc=com', regardless of whether
example.com exists, or whether I own it, or any such thing.
Jamie originally wrote:
"The bind DN and base DN have no relation to DNS except for
namespacing. It is perfectly fine to use dc=example,dc=org as a DN
Which I hope the above extended explanation makes clear.
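
The distinction discussed in this message, as an added example that is not part of the original post: an LDAP URL carries a host, which the client resolves in order to connect, and a base DN, which is only a name inside the directory. The sample hostnames, the X.500-style DN and the function names are constructed for illustration, and the DN splitting is simplified.

```python
import re
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def split_ldap_url(url):
    """Return (host, port, base_dn) from an LDAP URL (RFC 4516 layout)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    # The host is what the client resolves (DNS, /etc/hosts, or a literal IP).
    # The DN travels inside the protocol and is never resolved.
    return parts.hostname, port, unquote(parts.path.lstrip("/"))

def dn_domain(dn):
    """Domain spelled by the dc= components of a DN, or None if it has none.
    Simplified: splits on unescaped commas, ignores multi-valued RDNs."""
    labels = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "dc":
            labels.append(value.strip().lower())
    return ".".join(labels) or None

def compare(url):
    """Report whether the contacted host falls under the DN's dc= domain."""
    host, port, base_dn = split_ldap_url(url)
    domain = dn_domain(base_dn)
    related = bool(host and domain) and (
        host == domain or host.endswith("." + domain))
    return {"host": host, "port": port, "base_dn": base_dn,
            "dn_domain": domain, "host_under_dn_domain": related}

# Constructed sample URLs; hostnames and the X.500-style DN are made up.
SAMPLES = [
    "ldap://ldap.example.com/dc=example,dc=com",         # DN mirrors the host's domain
    "ldap://directory.internal.test/dc=example,dc=org",  # DN unrelated to the host
    "ldap://192.0.2.10:1389/o=Example%20Pty%20Ltd,c=AU", # no DNS lookup, no dc= at all
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(compare(url))
```

All three URLs are equally valid to a client and server; only the first happens to use a base DN that mirrors the host's domain.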