On Sun Apr 23, 2006 at 14:33:57 +1000, Philip Greggs wrote:
>On 4/23/06, Benno <[EMAIL PROTECTED]> wrote:
>> On Sat Apr 22, 2006 at 09:09:30 +1000, Philip Greggs wrote:
>> >On 4/21/06, Benno <[EMAIL PROTECTED]> wrote:
>> >> On Fri Apr 21, 2006 at 20:24:10 +1000, Philip Greggs wrote:

<snip>

>>
>> Ok, to actually clarify the confusion... (hopefully). DNS is used in ldap
>> at the network layer to determine how to contact the server.
>>
>
>In simple words ldap needs DNS for it to be contacted by ldap clients
>like 'ldapadd', 'ldapsearch', etc.

Err, I'm not sure that your use of "ldap" in the above makes sense. To rephrase:
ldap clients like 'ldapadd', 'ldapsearch' may use DNS when contacting an LDAP search.

>> DNS is not used by the server, and the base DN is not related to DNS, and
>> you are free to set that to whatever. (Which is what brought this up in the
>> first place.)
>
>You'll have to check IETF RFC 3663 before you bring more confusions, which
>says in part and I quote:

I don't understand what you are trying to say here. I am aware of the acronym
expansions and the meaning of the terms and my previous statement stands as is.

Specifically the base DN, that is the root of an information hierarchy, could be
related to a server's DNS record, or, equally it could be totally unrelated, or
confusingly it could be related to a different organisation's domain name.

For example, some base DNs could be:
(taken from http://www.idevelopment.info/data/LDAP/LDAP_Resources/DEPLOY_Choosing_a_Base_DN.shtml)

    o="idevelopment", c=US      (base DN in X.500 format)
    o=idevelopment.info         (base DN derived from the company's Internet presence)
    dc=idevelopment, dc=info    (base DN derived from the company's DNS domain components)

The important thing that was being said when someone else in this thread
mentioned DNS and distinguished names, was that the ldap server doesn't imply
any information about domain names. (Although I guess it wouldn't be
unreasonable for it to imply this as dc stands for domain component).

In any case, there is no problem for my LDAP server, whether connected to the
internet or not, to store information about a distinguished name
'dc=example,dc=com', regardless of whether example.com exists, or whether I own
it, or any such thing.

Jamie originally wrote:

"The bind DN and base DN have no relation to DNS except for namespacing. It is
perfectly fine to use dc=example,dc=org as a DN during testing."

Which I hope the above extended explanation makes clear.

Cheers,

Benno
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
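
The point made in the message above, as an added example that is not part of the original thread: the link between a base DN and a domain name is purely textual, so it can be derived without any DNS lookup and proves nothing about the domain existing or being owned by whoever runs the directory. The function names are hypothetical, and the parser covers only the DN forms quoted in the message (quoted values, backslash-escaped characters), not hex escapes or multi-valued RDNs.

```python
def split_rdns(dn):
    """Split a DN string into (attribute, value) pairs."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':                  # quotes delimit a value, they are not part of it
            quoted = not quoted
        elif ch == "," and not quoted:   # an unquoted comma ends the current RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if quoted or escaped:
        raise ValueError("unterminated quote or escape in DN: %r" % dn)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN %r in DN %r" % (part, dn))
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def domain_from_dn(dn):
    """Return the domain spelled out by a dc-only DN, else None.

    Pure string handling: no DNS query is made, so the result says nothing
    about whether the domain exists or who controls it.
    """
    rdns = split_rdns(dn)
    if all(attr == "dc" and value for attr, value in rdns):
        return ".".join(value for _, value in rdns)
    return None


# Base DNs quoted in the message above.
SAMPLES = ['o="idevelopment", c=US', "o=idevelopment.info",
           "dc=idevelopment, dc=info", "dc=example,dc=com"]

if __name__ == "__main__":
    for dn in SAMPLES:
        print("%-26s -> %s" % (dn, domain_from_dn(dn)))
```

Only the dc-style DNs yield a domain string; the `o=` forms yield none even when the value looks like a hostname, which is why directory code should not treat a base DN as evidence of domain ownership.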
