RFC2307 vs RFC2307bis(draft)

by Stephane PICARD

Hi all,
I have been following this list for some time, and now that we are about to
decide to use nss-ldap in our company I come with a big, big doubt...
Our company is using mainly RedHat Linux (ES/WS 3 and 4), Solaris (5.7, 8, 9
and probably 10 soon) and HP-UX, and we plan to map passwd, shadow and groups in
LDAP (SunOne 5.1 server). Our main concern is with groups...

Please correct me if I am wrong, but it seems to me that RedHat is using the
nssldap from PADL, correct? (which is, as said on the main page, implementing
both RFC2307 and RFC2307bis), and therefore mapping the groups in LDAP is working
well even for us, who implemented the groups thanks to the objectclass posixgroup
and the attribute uniquemember, which stores the DN of the group members.

SUN went with their own implementation of nssldap (with their 'ldap client') and
it is still not clear to us whether they implement (or implemented in some older
Solaris releases only) the RFC2307bis. Sun support told us that only 2307 was
implemented, but when you look at their 'man ldap' page (on Solaris 8 and 9) you
read:


"Solaris LDAP clients use the LDAP v3 protocol to access naming
information from LDAP servers. The LDAP server must support the
object classes and attributes defined in RFC2307bis (draft), which
maps the naming service model on to LDAP. As an alternate to using
the schema defined in RFC2307bis (draft), the system can be
configured to use other schema sets and the schema mapping feature
is configured to map between the two. Refer to the System
Administration Guide: Naming and Directory Services (DNS, NIS, and
LDAP) for more details."

Confusing, no? I read the System Administration Guide they are talking about in
the man page. The one I got is for Solaris 10 and they are only talking about
RFC2307. I asked SUN the same question again, but in case some of you could give
me a parallel answer I would really appreciate it!! Is the RFC2307bis draft
implemented by SUN, and if yes, in which Solaris versions?

Anyway, our tests (Solaris 8 and 9) showed that RFC2307bis seems not to be
implemented (but did we miss something like a config somewhere?) because the
LDAP logs after a 'getent group' show that only the memberuid attribute is read;
therefore it does not work for us! I feel that attribute mapping is useless for
us because remapping memberuid -> uniquemember gives us some entries but we get
the DN of the members (which is what uniquemember stores) and therefore it does
not fit, correct?...

A long time ago we tested (successfully, as far as I remember) the PADL module on
Solaris, but is it still working with the latest Solaris releases? And if yes, do
you know whether RFC2307bis will still be implemented in future releases of this
PADL module (you will have understood that we are thinking of using the PADL
module everywhere then: Solaris, HP-UX, RedHat)?

By the way, what is the status of RFC 2307bis? Since it was a draft issued in
2003 it has expired, correct? No plan to have it become a real RFC?


Many, many thanks to those of you who read my post up to the end despite my poor
English level... and who will answer!
Rgds,
Stephane
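
The schema mismatch described in the message above, as an added example that is not part of the original post and is not nss_ldap or Solaris code: one group is read three ways (memberUid only, memberUid remapped to uniqueMember with no dereference, and uniqueMember DNs resolved to uid values). The directory contents, the example.com DNs and all function names are constructed for illustration.

```python
# Constructed sample data: DN -> attributes. Not taken from the thread.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {"uid": ["alice"]},
    "uid=bob,ou=People,dc=example,dc=com": {"uid": ["bob"]},
    "cn=staff,ou=Group,dc=example,dc=com": {
        "cn": ["staff"], "gidNumber": ["500"],
        "memberUid": ["alice"],                       # RFC2307: login names
        "uniqueMember": [                             # RFC2307bis: member DNs
            "UID=bob, ou=People,dc=example,dc=com",   # same DN, different spelling
            "uid=ghost,ou=People,dc=example,dc=com",  # dangling: no such entry
        ],
    },
}

def norm_dn(dn):
    """Simplified DN normalisation (lower-case, trim around commas); not full RFC 4514."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def members_rfc2307(group):
    """What a client that reads only memberUid sees."""
    return list(group.get("memberUid", []))

def members_naive_mapping(group):
    """memberUid remapped to uniqueMember with no dereference: raw DNs come back."""
    return list(group.get("uniqueMember", []))

def members_rfc2307bis(group, directory):
    """Dereference each member DN to its uid; return (names, unresolved DNs)."""
    index = {norm_dn(dn): attrs for dn, attrs in directory.items()}
    names, unresolved = list(group.get("memberUid", [])), []
    for dn in group.get("uniqueMember", []):
        entry = index.get(norm_dn(dn))
        if entry and entry.get("uid"):
            if entry["uid"][0] not in names:
                names.append(entry["uid"][0])
        else:
            unresolved.append(dn)  # never turn an unknown DN into a member name
    return names, unresolved

def getent_line(group, members):
    """Format like one line of `getent group` ('*' is a placeholder password field)."""
    return "%s:*:%s:%s" % (group["cn"][0], group["gidNumber"][0], ",".join(members))

if __name__ == "__main__":
    staff = DIRECTORY["cn=staff,ou=Group,dc=example,dc=com"]
    print(getent_line(staff, members_rfc2307(staff)))
    print(getent_line(staff, members_naive_mapping(staff)))
    names, missing = members_rfc2307bis(staff, DIRECTORY)
    print(getent_line(staff, names), "unresolved:", missing)
```

The unresolved list is worth logging on its own: a member DN that no longer points at an account is stale group data that should be cleaned up in the directory rather than silently ignored.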



Re: RFC2307 vs RFC2307bis(draft)

by Luke Howard


Hi Stephane,

>A long time ago we tested (successfully, as far as I remember) the PADL module on
>Solaris, but is it still working with the latest Solaris releases? And if yes, do
>you know whether RFC2307bis will still be implemented in future releases of this
>PADL module (you will have understood that we are thinking of using the PADL
>module everywhere then: Solaris, HP-UX, RedHat)?

The PADL nss_ldap does work on the current Solaris releases.

RFC2307bis will continue to be supported in nss_ldap.

>By the way, what is the status of RFC 2307bis? Since it was a draft issued in
>2003 it has expired, correct? No plan to have it become a real RFC?

We are working on it, a new draft is expected shortly.


regards,

-- Luke

--

RE: RFC2307 vs RFC2307bis(draft)

by Stephane PICARD

 
Thanks a lot, Luke.
Does anyone have input about PADL nss_ldap working on HP-UX? AIX?
Again, many thanks in advance.
Rgds,
Stephane

> -----Original Message-----
> From: owner-nssldap@... [mailto:owner-nssldap@...]
> On Behalf Of Luke Howard
> Sent: Saturday, June 24, 2006 11:26 AM
> To: stephane.picard@...
> Cc: nssldap@...
> Subject: Re: [nssldap] RFC2307 vs RFC2307bis(draft)
>
>
> Hi Stephane,
>
> >A long time ago we tested (successfully, as far as I remember) the PADL
> >module on Solaris, but is it still working with the latest Solaris releases?
> >And if yes, do you know whether RFC2307bis will still be implemented in
> >future releases of this PADL module (you will have understood that we
> >are thinking of using the PADL module everywhere then: Solaris, HP-UX,
> >RedHat)?
>
> The PADL nss_ldap does work on the current Solaris releases.
>
> RFC2307bis will continue to be supported in nss_ldap.
>
> >By the way, what is the status of RFC 2307bis? Since it was a draft
> >issued in 2003 it has expired, correct? No plan to have it become a
> >real RFC?
>
> We are working on it, a new draft is expected shortly.
>
>
> regards,
>
> -- Luke
>
> --
>