Module: sip-router
Branch: janakj/ldap
Commit: 870ae982996067ac14572f87f82e4ea21597b9c3
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=870ae98…
Author: Jan Janak <jan(a)iptel.org>
Committer: Jan Janak <jan(a)iptel.org>
Date: Wed Jun 25 08:12:06 2008 +0000
- updated with comments received from Victor Pascual
---
modules/db_ldap/standards.txt | 36 ++++++++++++++++++++++++++++--------
1 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/modules/db_ldap/standards.txt b/modules/db_ldap/standards.txt
index e24244d..7bfeb8b 100644
--- a/modules/db_ldap/standards.txt
+++ b/modules/db_ldap/standards.txt
@@ -3,25 +3,45 @@ List of relevant standards and RFCs
RFC2307: An Approach for Using LDAP as a Network Information Service
+ This document is experimental and based on RFC2251, which has been obsoleted
+ by RFC 4510, RFC 4511, RFC 4513, RFC 4512 and updated by RFC 3377 and RFC
+ 3771. Anyhow, AFAIK RFC 2307 is not obsoleted.
+
RFC2256: A summary of the X.500(96) user Schema for use with LDAPv3
- This rfc contains a collection of attribute types and object
- classes collected from various ITU documents. Attribute types
- such as objectClass or cn are defined here.
+
+ This rfc contains a collection of attribute types and object classes
+ collected from various ITU documents. Attribute types such as objectClass or
+ cn are defined here.
+
+ This document has been obsoleted by RFC 4510 and updated by RFC 4512, RFC
+ 4517 and RFC 4519.
+
RFC2587: Internet X.509 Public Key Infrastructure LDAPv2 Schema
+ This document has been obsoleted by RFC 4523.
+
+
RFC1274: The COSINE and Internet X.500 Schema
+ This document has been obsoleted by RFC 4524.
+
RFC2798: Definition of the inetOrgPerson LDAP Object Class
+ This document has been updated by RFC 3698, RFC 4519 and RFC 4524.
+
RFC4515: Lightweight Directory Access Protocol (LDAP): String Representation
of Search Filters
RFC4530: LDAP entryUUID Operational Attribute
- This RFC defines the entryUUID operational attribute which can be
- used by the server to assign unique identifiers to objects in the
- directory. Such identifiers can be used to identify the object even
- when the dn of the object changes. Unfortunately the entryUUID attribute
- cannot by modified by the user and thus it is not directly usable for us.
+
+ This RFC defines the entryUUID operational attribute which can be used by
+ the server to assign unique identifiers to objects in the directory. Such
+ identifiers can be used to identify the object even when the dn of the
+ object changes. Unfortunately the entryUUID attribute cannot by modified by
+ the user and thus it is not directly usable for us.
RFC2252 LDAPv3: Attribute Syntax Definitions
+
+ This document has been obsoleted by RFC 4510, RFC 4517, RFC 4523, RFC 4512
+ and updated by RFC 3377
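Review bot: The re-wrapped RFC4530 paragraph still carries the typo "cannot by modified by the user" on an added line; since that line is being rewritten anyway, change it to "cannot be modified". In the new status notes, the successors of RFC2251 are listed out of order (RFC 4510, RFC 4511, RFC 4513, RFC 4512), the RFC2252 note ends without a full stop, and two blank lines follow the RFC2587 note where the other entries get one. "Anyhow, AFAIK RFC 2307 is not obsoleted" would read better as a plain status statement once checked against the RFC index. The headings write "RFC2307" while the added notes write "RFC 4510"; pick one form.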
Module: sip-router
Branch: janakj/ldap
Commit: 98afa6b7ab601686d95818262febb4988cd3a576
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=98afa6b…
Author: Jan Janak <jan(a)iptel.org>
Committer: Jan Janak <jan(a)iptel.org>
Date: Wed Jun 25 08:57:26 2008 +0000
- todo updated
---
modules/db_ldap/todo.txt | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/modules/db_ldap/todo.txt b/modules/db_ldap/todo.txt
index 20f230b..da94661 100644
--- a/modules/db_ldap/todo.txt
+++ b/modules/db_ldap/todo.txt
@@ -101,3 +101,6 @@ X Support for Older LDAP Libraries
Older versions of the openldap client library might not contain
LDAP_SCOPE_CHILDREN. We need to handle this case in a graceful manner and
make sure that the module compiles.
+
+* Check that we escape strings properly according to RFC4514
+
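Review bot: The added item "Check that we escape strings properly according to RFC4514" does not say which strings it covers. RFC 4514 is the string representation of distinguished names, so the item should name the DN inputs it applies to (any DN the module accepts or assembles), to keep it distinct from the escaping of search filter values, which standards.txt lists under RFC4515. Unlike the entry above it, the item has no descriptive paragraph, and the hunk also adds a blank line at the end of the file.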
Module: sip-router
Branch: janakj/ldap
Commit: fd792300495f0de47885926ea4e0a6cb65710959
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=fd79230…
Author: Jan Janak <jan(a)iptel.org>
Committer: Jan Janak <jan(a)iptel.org>
Date: Thu Jul 10 12:54:55 2008 +0000
- new items added to the todo list
---
modules/db_ldap/todo.txt | 38 ++++++++++++++++++++++++++++++++++++++
1 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/modules/db_ldap/todo.txt b/modules/db_ldap/todo.txt
index da94661..ce9c672 100644
--- a/modules/db_ldap/todo.txt
+++ b/modules/db_ldap/todo.txt
@@ -104,3 +104,41 @@ X Support for Older LDAP Libraries
* Check that we escape strings properly according to RFC4514
+* Support for server-side compare operation (could be used for authentication
+ where the client would send the digest credentials and the server replies
+ whether or not they are valid, similar to RADIUS digest authentication)
+
+* Support for alias-dereferencing
+
+ Aliases represent links to other entries or partitions of the namespace.
+ When the distinguished name of an alias is used, the entry accessed is
+ the entry to which the alias refers.
+ Alias dereferencing specifies if aliases are dereferenced-- that is, if
+ the alias entry itself or the entry it points to is used. Aliases can be
+ dereferenced or not when locating the base object and/or when searching
+ under the base object.
+
+* Support for handling of NULL Values in configuration parameters
+
+ When an optional attribute is missing and also when the attribute is
+ present but has no value; e.g. DN=NULL for anonymous authentication.
+
+* Support for asynchronous notifications
+ The only standardized async. notification seems to be "notice of disconnection"
+ so all that we can do is just log incoming asynchronous notifications from the
+ server
+
+* Support for subscribing to notifications of changes in the DIT (optional)
+ This could be useful for updating data that is cached in SER, such as the list
+ of supported domains. This is a "nice to have" type of feature, so no time
+ estimation for implementation.
+
+* Support for automatic reconnects (check if we do it and if we do it properly).
+
+* Implement support for referrals (in the ldap module, not in the libldap library).
+ Including loop detection.
+
+* Support for time limited search operations
+
+* Support for size limited search operations
+
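Review bot: The referrals item near the end of the hunk says only "Including loop detection"; it should also state a maximum number of referral hops and whether the module re-uses its bind credentials when it follows a referral to another server, since both decide how far a directory server can steer the client. The two search-limit items ("time limited" and "size limited") have no body at all; a sentence on where the limits are configured and what happens when a limit is hit would make them actionable. Formatting is uneven within the hunk: the alias-dereferencing and NULL-values items have a blank line between title and body, while the two notification items run the body directly under the title.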
Module: sip-router
Branch: janakj/ldap
Commit: 0d7657b850b13160ad7ae2f46a09d9d539fe4977
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0d7657b…
Author: Jan Janak <jan(a)iptel.org>
Committer: Jan Janak <jan(a)iptel.org>
Date: Thu Jul 10 14:14:02 2008 +0000
- ticket numbers added
---
modules/db_ldap/todo.txt | 134 ++++++++++++++++++++++++----------------------
1 files changed, 70 insertions(+), 64 deletions(-)
diff --git a/modules/db_ldap/todo.txt b/modules/db_ldap/todo.txt
index ce9c672..3849dee 100644
--- a/modules/db_ldap/todo.txt
+++ b/modules/db_ldap/todo.txt
@@ -1,35 +1,35 @@
X Simple Authentication
- Implement support for simple LDAP authentication with username and
- password. This will take a change in the URI parser because the one provided
- by libldap (which we use to parse the URI right now) does not support
- embedded usernames and passwords in the URI.
+ Implement support for simple LDAP authentication with username and password.
+ This will take a change in the URI parser because the one provided by
+ libldap (which we use to parse the URI right now) does not support embedded
+ usernames and passwords in the URI.
-* SASL Authentication Support
+* SASL Authentication Support (SER-392)
The driver supports no authentication method at the moment, we should
include support for simple authentication at least, but better SASL.
-* TLS/SSL Support
+* TLS/SSL Support (SER-394)
The driver should support encrypted connections to LDAP servers and some
level of certificate validation. Currently there are no options or
parameters to configure SSL/TLS certificates and keys to use.
-* Copy Data from Config Data Structure
+* Copy Data from Config Data Structure (SER-395)
- The driver maintains an internal data structure that gets initialized
- from the supplied configuration file. The structure contains things like
- search filters and field mapping tables. The LDAP specific extension
- structures make a shallow copy of strings from the configuration
- data structure, they should rather copy the whole string so that they
- do not depend on the config structure.
+ The driver maintains an internal data structure that gets initialized from
+ the supplied configuration file. The structure contains things like search
+ filters and field mapping tables. The LDAP specific extension structures
+ make a shallow copy of strings from the configuration data structure, they
+ should rather copy the whole string so that they do not depend on the config
+ structure.
X Implement Support For < And > Operators
- The LDAP search filter syntax (RFC4515) does not support < and >
- operators, only <= and >=. Currently the ldap driver simply uses <= instead
- of < and >= instead of >. We need a better implementation of this.
+ The LDAP search filter syntax (RFC4515) does not support < and > operators,
+ only <= and >=. Currently the ldap driver simply uses <= instead of < and >=
+ instead of >. We need a better implementation of this.
X Implement Support For Other Than str Parameters
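Review bot: Most of this hunk is paragraph re-wrapping (the Simple Authentication, Copy Data and "< And >" bodies), while the commit message says only "ticket numbers added"; the three real changes are the (SER-392), (SER-394) and (SER-395) suffixes. Putting the reflow in its own commit would make the ticket additions reviewable at a glance. While these entries are being touched: the SASL body still says "The driver supports no authentication method at the moment", which should be checked against the X marker on Simple Authentication, and the TLS item's "some level of certificate validation" would be better spelled out now that it has a ticket.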
@@ -37,36 +37,36 @@ X Escape Values of Parameters Injected Into the Search Filter
see RFC4515 for description of escaping.
-* Proper handling of NULL Values in Parameter.
+* Proper handling of NULL Values in Parameter (SER-396).
- Is it correct that parameters with NULL values are represented as
- paramName= in the filter?
+ Is it correct that parameters with NULL values are represented as paramName=
+ in the filter?
-* Use Asynchronous API Functions Instead of Synchronous
+* Use Asynchronous API Functions Instead of Synchronous (SER-397)
- This would be useful when we have support for multiple database drivers
+ This would be useful when we have support for multiple database drivers
within one database context, then we could initiate multiple searches
simultaneously without being blocked waiting for the result.
-* Support For Multi-Value Attributes
+* Support For Multi-Value Attributes (SER-398)
The module should support multi-value attributes. Objects containing
- attributes with multi-values should be returned as multiple records,
- each record containing one value of the multi-value attribute. Currently
- the module will report an error if it encounters a multi-value attribute.
+ attributes with multi-values should be returned as multiple records, each
+ record containing one value of the multi-value attribute. Currently the
+ module will report an error if it encounters a multi-value attribute.
-* Support For Time Zones in Generalized Times
+* Support For Time Zones in Generalized Times (SER-399)
The time conversion functions ignore time zones in GeneralizedTime
attributes, this should be fixed.
-* Handle Fractions of Seconds in Generalized Time
+* Handle Fractions of Seconds in Generalized Time (SER-400)
There is no need to account fractions of seconds because we store time
- internally as time_t, but the parses should be able to skip fractions
- of seconds gracefully.
+ internally as time_t, but the parses should be able to skip fractions of
+ seconds gracefully.
-* Eliminate Use of All libldap Functions Marked as Deprecated
+* Eliminate Use of All libldap Functions Marked as Deprecated (SER-401)
We should eliminate the use of all functions that are marked as deprecated
in the header field and remove LDAP_DEPRECATED define from all files.
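Review bot: The NULL-values title is the only one that ends with a full stop after the ticket, "(SER-396)."; the other titles in this hunk have none, so drop it. The "This would be useful when we have support for multiple database drivers" line is removed and re-added with no visible difference, which looks like a whitespace-only change and is better kept out of a commit about ticket numbers. The re-wrapped Generalized Time paragraph still reads "the parses should be able to skip fractions"; since the line is rewritten here, correct it to "the parser".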
@@ -83,62 +83,68 @@ X Support for Syntax Specification in the Config File
attributes in the configuration file so that the module knows how to convert
DB API fields into attribute values in command parameters.
-* Support DB_NEQ Operator in Integer Attributes
+* Support DB_NEQ Operator in Integer Attributes (SER-402)
fld!=10 could be converted to the search filter as: (|(fld<=9)(fld>=11))
-* Indicate Underflow/Overflow in Integer Attributes
+* Indicate Underflow/Overflow in Integer Attributes (SER-403)
The operators < and > cannot be used in LDAP search filter, RFC4515 only
- supports <= and >= so we create the search filter like this:
- fld<10 -> (fld<=9)
- fld>10 -> (fld>=11)
- The module should issue an warning when the incremented/decremented field
- value overflows/underflows.
+ supports <= and >= so we create the search filter like this: fld<10 ->
+ (fld<=9) fld>10 -> (fld>=11) The module should issue an warning when the
+ incremented/decremented field value overflows/underflows.
X Support for Older LDAP Libraries
- Older versions of the openldap client library might not contain
+ Older versions of the openldap client library might not contain
LDAP_SCOPE_CHILDREN. We need to handle this case in a graceful manner and
make sure that the module compiles.
-* Check that we escape strings properly according to RFC4514
+* Check that we escape strings properly according to RFC4514 (SER-404)
-* Support for server-side compare operation (could be used for authentication
+* Support for server side comparison (SER-405)
+
+ Support for server-side compare operation (could be used for authentication
where the client would send the digest credentials and the server replies
whether or not they are valid, similar to RADIUS digest authentication)
-* Support for alias-dereferencing
+* Support for alias-dereferencing (SER-406)
- Aliases represent links to other entries or partitions of the namespace.
- When the distinguished name of an alias is used, the entry accessed is
- the entry to which the alias refers.
- Alias dereferencing specifies if aliases are dereferenced-- that is, if
- the alias entry itself or the entry it points to is used. Aliases can be
- dereferenced or not when locating the base object and/or when searching
- under the base object.
+ Aliases represent links to other entries or partitions of the namespace.
+ When the distinguished name of an alias is used, the entry accessed is the
+ entry to which the alias refers. Alias dereferencing specifies if aliases
+ are dereferenced-- that is, if the alias entry itself or the entry it points
+ to is used. Aliases can be dereferenced or not when locating the base object
+ and/or when searching under the base object.
+
+* Support for handling of NULL Values in configuration parameters (SER-407)
+
+ When an optional attribute is missing and also when the attribute is present
+ but has no value; e.g. DN=NULL for anonymous authentication.
-* Support for handling of NULL Values in configuration parameters
+* Support for unsolicited notifications (SER-408)
- When an optional attribute is missing and also when the attribute is
- present but has no value; e.g. DN=NULL for anonymous authentication.
+ The only standardized unsolicited notification seems to be "notice of
+ disconnection" so all that we can do is just log incoming asynchronous
+ notifications from the server
-* Support for asynchronous notifications
- The only standardized async. notification seems to be "notice of disconnection"
- so all that we can do is just log incoming asynchronous notifications from the
- server
+* Support for asynchronous notifications (SER-409)
-* Support for subscribing to notifications of changes in the DIT (optional)
- This could be useful for updating data that is cached in SER, such as the list
- of supported domains. This is a "nice to have" type of feature, so no time
- estimation for implementation.
+ Support for subscribing to notifications of changes in the DIT (optional)
+ This could be useful for updating data that is cached in SER, such as the
+ list of supported domains. This is a "nice to have" type of feature, so no
+ time estimation for implementation.
+
+* Support for automatic reconnects (SER-410)
+
+ (check if we do it and if we do it properly).
-* Support for automatic reconnects (check if we do it and if we do it properly).
+* Support for referrals (SER-411)
-* Implement support for referrals (in the ldap module, not in the libldap library).
- Including loop detection.
+ Implement support for referrals (in the ldap module, not in the libldap
+ library). Including loop detection.
-* Support for time limited search operations
+* Support for time limited search operations (SER-412)
-* Support for size limited search operations
+* Support for size limited search operations (SER-413)
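Review bot: In the Underflow/Overflow item the re-wrap folds the two example mappings into running text ("fld<10 -> (fld<=9) fld>10 -> (fld>=11) The module should issue an warning"), which loses the line-per-example layout of the removed lines and drops the sentence break; keep each mapping on its own line and fix "an warning" to "a warning". The notification entries now mix terms: the SER-408 title says "unsolicited notifications" while its body still says "log incoming asynchronous notifications", and the SER-409 title "Support for asynchronous notifications" is followed by a body about subscribing to changes in the DIT, so the title no longer describes the item. The RFC4514 escaping item gets a ticket (SER-404) but still no description, and SER-410 has only the parenthetical "(check if we do it and if we do it properly)." as its body.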