On 6/20/21 2:03 PM, [email protected] wrote:
> I am writing here (hopefully it's the right list for the topic) to
> ask about IDN (Internationalized Domain Names) support in OpenLDAP
> and LDAP in general.
>
> I've been perusing IETF documents and all I could find was a couple
> of expired drafts, 18 and 20 years old, pertaining to the topic.
>
> https://datatracker.ietf.org/doc/draft-hall-ldap-idn/
> https://datatracker.ietf.org/doc/draft-zeilenga-ldap-idn/
>
> Does anyone have more information on the topic and maybe on why those drafts
> went nowhere?

Basically those attempts got stuck and in general LDAP work at the IETF does not happen anymore.

But this is a pretty broad topic affecting various use-cases. Which particular use-case(s) do you have in mind?

In my web2ldap I encode Unicode input values for domain names (dc, associatedDomain, domain part of mail, etc.) as IDNA and I decode the IDNA when displaying the values. Note that displaying Unicode strings is subject to homograph attacks.

E-mail addresses are more complicated because of UTF-8 in the local part and thus you need a separate attribute. And well, you need MTAs to support SMTPUTF8, which is AFAIK currently only supported by postfix.

My own naive attempt for an LDAP attribute was:

https://datatracker.ietf.org/doc/html/draft-stroeder-mailboxrelatedobject#section-2

For e-mail addresses there also has been more recent work for X.509 certs. Especially RFC 8398 defines matching rules:

https://datatracker.ietf.org/doc/html/rfc8398#section-5

All in all this is not just a matter of the LDAP schema.

Ciao, Michael.
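
The encode-on-input, decode-on-display handling described in the reply above, with a guard for the homograph risk it mentions, as an added example that is not part of the original message and is not web2ldap's code. It uses Python's built-in `idna` codec (IDNA 2003); the function names and sample domains are constructed, and deriving a character's script from its Unicode name is a simplifying assumption.

```python
import unicodedata


def to_ldap_value(domain: str) -> str:
    """Encode a Unicode domain name to its ASCII (IDNA) form for storage
    in attributes such as dc or associatedDomain."""
    return domain.encode("idna").decode("ascii")


def mail_to_ldap_value(address: str) -> str:
    """Encode only the domain part of an address for the 'mail' attribute.
    'mail' has IA5String syntax, so a non-ASCII local part cannot be stored
    there and is rejected instead of being silently altered."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local.isascii():
        raise ValueError("local part must be present and ASCII")
    return local + "@" + to_ldap_value(domain)


def label_scripts(label: str) -> set:
    """Heuristic (assumption): take the first word of each letter's Unicode
    name ('LATIN', 'CYRILLIC', 'GREEK', ...) as its script."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def for_display(stored: str) -> str:
    """Decode a stored IDNA value label by label. A label that mixes scripts
    stays in its xn-- form so a look-alike is not rendered as plain text.
    Labels written entirely in one look-alike script are not detected."""
    shown = []
    for a_label in stored.split("."):
        u_label = a_label.encode("ascii").decode("idna")
        mixed = len(label_scripts(u_label)) > 1
        shown.append(a_label if mixed else u_label)
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed samples: a plain IDN and a Latin label with Cyrillic U+0430.
    for name in ("b\u00fccher.example", "p\u0430ypal.example"):
        stored = to_ldap_value(name)
        print(stored, "->", for_display(stored))
```

The mixed-script test is deliberately conservative: names that legitimately combine scripts (for example kanji with hiragana) are also shown in their ASCII form.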
