Here's some discussion (reposted with permission) about supporting various
versions of LDAP in the browser. Comments solicited...
Dan
Date: Tue, 06 Feb 2001 16:13:39 -0500
From: Mark Smith <[EMAIL PROTECTED]>
Subject: Re: LDAP v2 support in a Mozilla client?
Leif Hedstrom wrote:
>
> Hi Mark,
>
> quick question: Do you think that an LDAP extension to the Mozilla
> browser (addressbook, typedown addressing etc.) would have to work
> against an LDAP v2 only server? I mean, do we need to support such old
> servers, or is it ok to assume that most LDAP servers today will support
> LDAP v3?
>
> Or, is it worthwhile to try to handle both cases properly?
I think some users will be disappointed if there is no support for
LDAPv2 at all. But all of those users will be trying to talk to either
a really old LDAP server (U-M LDAP circa 1996 or earlier) or something
that uses OpenLDAP (which until fairly recently had no v3 support).
I think it would be very reasonable to only support some features or to
initially work only with LDAPv3. Interested people can contribute
LDAPv2 support if it is really important.
Of course I don't have any real data about what servers people are
running against out there... I wonder if the fairly non-standard LDAP
servers such as Bigfoot et al support LDAPv3?
-Mark
Date: Tue, 06 Feb 2001 15:27:39 -0800
From: Leif Hedstrom <[EMAIL PROTECTED]>
Subject: Re: LDAP v2 support in a Mozilla client?
Mark Smith wrote:
>
> Of course I don't have any real data about what servers people are
> running against out there... I wonder if the fairly non-standard LDAP
> servers such as Bigfoot et al support LDAPv3?
That's a good question, maybe we can use Bigfoot and some of the other LDAP
enabled "white pages" systems as part of the QA test cycles?
Date: Thu, 08 Feb 2001 15:49:59 -0500
From: Mark Smith <[EMAIL PROTECTED]>
Subject: Re: LDAP v2 support in a Mozilla client?
Leif Hedstrom wrote:
>
> Mark Smith wrote:
>
> > I think it would be very reasonable to only support some features or to
> > initially work only with LDAPv3. Interested people can contribute
> > LDAPv2 support if it is really important.
> >
> > Of course I don't have any real data about what servers people are
> > running against out there... I wonder if the fairly non-standard LDAP
> > servers such as Bigfoot et al support LDAPv3?
>
> That's a good question, maybe we can use Bigfoot and some of the other LDAP
> enabled "white pages" systems as part of the QA test cycles?
Maybe. I did a little "research". Raw results are attached -- I
basically ran the ldapsearch command (which tries an LDAPv3 bind by
default) against some LDAP servers I know about. Many of these are
university sites since most .coms do not have a public LDAP directory.
Here is the summary:
LDAPv3:
memberdir.netscape.com
directory.verisign.com
ldap.nyu.edu
directory.washington.edu
ldap.wvu.edu
LDAPv2 only:
ldap.whowhere.com
ldap.itd.umich.edu
ldap.tcs.tulane.edu
Hard to say for sure:
ldap.bigfoot.com (the v3 bind did not return an error)
ldap.infospace.com (connection refused)
ldap.switchboard.com (DNS lookup failed)
Note that BigFoot's LDAP server is just plain goofy. It requires that
you bind. And it ignores the search base and scope parameters
entirely. But it does not refuse v3 binds.
-Mark
Attachment: public-ldap-servers-info.txt
Trying nsdirectory.mcom.com...
version: 1
dn:
namingContexts: dc=com
version: 1
dn: cn=monitor
version: Netscape-Directory/4.1 B99.262.2243
Trying memberdir.netscape.com...
version: 1
dn:
namingContexts: o=netcenter.com
version: 1
dn: cn=monitor
version: Netscape-Directory/4.1 B99.138.1723
Trying ldap.bigfoot.com...
ldap_search: Inappropriate matching
version: 1
Trying ldap.whowhere.com...
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
ldap_search: Operations error
ldap_search: additional info: Could not get data from whowhere search engine
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
version: 1
dn: cn=monitor
version: slapd 3.3 (Wed Mar 18 12:11:22 PST 1998)
threads: 1
currentconnections: 37
totalconnections: 1649
dtablesize: 1024
writewaiters: 0
readwaiters: 0
opsinitiated: 3859
opscompleted: 3858
entriessent: 26466
bytessent: 2872382
currenttime: 010208122159Z
starttime: 010208120203Z
nbackends: 1
concurrency: 3
Trying ldap.infospace.com...
ldap_simple_bind: Can't connect to the LDAP server - Connection refused
ldap_simple_bind: Can't connect to the LDAP server - Connection refused
Trying ldap.switchboard.com...
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
Trying directory.verisign.com...
version: 1
dn:
namingContexts:
version: 1
dn: cn=monitor
version: Netscape-Directory/3.0
Trying ldap.itd.umich.edu...
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
ldap_search: No such object
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
version: 1
dn: CN=MONITOR
version: slapd 1.2.11-Release (Tue Aug 8 16:56:55 EDT 2000)
Trying ldap.nyu.edu...
version: 1
dn:
namingContexts:
version: 1
dn: cn=monitor,cn=intranet.nyu.edu,dc=nyu,dc=edu
version: IDDS 4.5.1
Trying directory.washington.edu...
version: 1
dn:
namingContexts: o=University of Washington,c=US
namingContexts: cn=schema
version: 1
dn: cn=monitor
version: Netscape-Directory/3.11
Trying ldap.wvu.edu...
version: 1
dn:
namingContexts: o=West Virginia University,c=US
namingContexts: cn=schema
version: 1
dn: cn=monitor
version: Netscape-Directory/3.0
Trying ldap.tcs.tulane.edu...
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
ldap_search: No such object
ldap_simple_bind: Protocol error
ldap_simple_bind: additional info: version not supported
ldapsearch: the server doesn't understand LDAPv3; trying LDAPv2 instead...
version: 1
dn: cn=monitor
version: slapd 3.3 (Fri Jul 11 02:21:26 CDT 1997)
threads: -660
connection:: NSA6IDAxMDIwODEzNDQyMlogOiAzIDogMiA6IE5VTExETiA6IA==
currentconnections: 1
totalconnections: 13800
dtablesize: 2000
writewaiters: 0
readwaiters: 0
opsinitiated: 36398
opscompleted: 36397
entriessent: 390851
bytessent: 71598514
currenttime: 010208134423Z
starttime: 010206160625Z
nbackends: 1
Date: Fri, 09 Feb 2001 09:54:43 -0500
From: [EMAIL PROTECTED] (Mark C Smith)
Subject: Re: LDAP v2 support in a Mozilla client?
Leif Hedstrom wrote:
>
> Looking at this, it seems that we might have to support LDAP v2,
> since at least one big player, whowhere.com, only supports LDAP v2?
> Maybe we need to do what ldapsearch does, try a v3 connection, if
> that fails, connect with v2, and set an internal flag disabling any
> feature that would require v3.
>
> Would that be a significant performance problem when talking to a v2
> only server? The connection would be kept cached and alive for
> some small amount of time (say 5-10 minutes).
No, I would not worry about performance in the case. Optimize for
LDAPv3, but fall back to LDAPv2 if you have time to implement that....
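
The fallback discussed in this thread (try an LDAPv3 bind, drop to LDAPv2 only when the server answers "Protocol error" as in the attached ldapsearch output, and flag v3-only features as disabled), sketched as an added Python example that is not part of the original messages or of Mozilla or ldapsearch code. The `send` transport callback, the feature names in `V3_ONLY` and the stand-in server are assumptions constructed for illustration.

```python
# Added illustration; not Mozilla or ldapsearch source. Names are hypothetical.
SUCCESS, PROTOCOL_ERROR = 0, 2            # LDAP resultCode values
V3_ONLY = frozenset({"sasl_bind", "starttls", "controls", "referrals"})

def tlv(tag, payload):                    # BER element, short-form length only
    if len(payload) > 127:
        raise ValueError("long-form BER lengths are out of scope here")
    return bytes([tag, len(payload)]) + payload

def read_tlv(buf, pos):                   # -> (tag, value, next_pos)
    if pos + 2 > len(buf) or buf[pos + 1] > 127 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("malformed BER element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def bind_request(msg_id, version):        # anonymous simple bind: empty DN and password
    op = tlv(0x60, tlv(0x02, bytes([version])) + tlv(0x04, b"") + tlv(0x80, b""))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def bind_response(msg_id, code, diag=b""):  # constructed server reply
    op = tlv(0x61, tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def parse_bind_response(data):
    tag, msg, _ = read_tlv(data, 0)
    _, _, pos = read_tlv(msg, 0)                      # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, pos = read_tlv(op, 0)                    # resultCode
    _, _, pos = read_tlv(op, pos)                     # matchedDN
    _, diag, _ = read_tlv(op, pos)                    # errorMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def negotiate(send):
    """Bind as v3; fall back to v2 only on protocolError, and record the result."""
    code, diag = parse_bind_response(send(bind_request(1, 3)))
    if code == SUCCESS:
        return {"version": 3, "disabled": frozenset()}
    if code != PROTOCOL_ERROR:                        # any other failure: no downgrade
        raise RuntimeError(f"v3 bind failed ({code}): {diag}")
    code, diag = parse_bind_response(send(bind_request(2, 2)))
    if code != SUCCESS:
        raise RuntimeError(f"v2 bind failed ({code}): {diag}")
    return {"version": 2, "disabled": V3_ONLY}

def v2_only_server(req):                  # constructed stand-in; byte 9 is the version
    if req[9] == 2:
        return bind_response(req[4], SUCCESS)
    return bind_response(req[4], PROTOCOL_ERROR, b"version not supported")
```

Falling back only on protocolError keeps a rejected bind from being silently retried as v2, and the returned `disabled` set is the "internal flag" the caller checks before using a v3-only feature.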