Network Working Group                                        M. Meredith
Request for Comments: 3045                                   Novell Inc.
Category: Informational                                     January 2001
        
Network Working Group                                        M. Meredith
Request for Comments: 3045                                   Novell Inc.
Category: Informational                                     January 2001
        

Storing Vendor Information in the LDAP root DSE

在LDAP根DSE中存储供应商信息

Status of this Memo

本备忘录的状况

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2001). All Rights Reserved.

版权所有(C)互联网协会(2001年)。版权所有。

Abstract

摘要

This document specifies two Lightweight Directory Access Protocol (LDAP) attributes, vendorName and vendorVersion that MAY be included in the root DSA-specific Entry (DSE) to advertise vendor-specific information. These two attributes supplement the attributes defined in section 3.4 of RFC 2251.

本文档指定了两个轻量级目录访问协议(LDAP)属性vendorName和vendorVersion,它们可能包含在根DSA特定条目(DSE)中,以公布特定于供应商的信息。这两个属性补充了RFC 2251第3.4节中定义的属性。

The information held in these attributes MAY be used for display and informational purposes and MUST NOT be used for feature advertisement or discovery.

这些属性中包含的信息可用于显示和信息目的,不得用于功能广告或发现。

Conventions used in this document

本文件中使用的公约

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2219]

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2219]中所述进行解释

1. Overview
1. 概述

LDAP clients discover server-specific data--such as available controls, extensions, etc.--by reading the root DSE. See section 3.4 of [RFC2251] for details.

LDAP客户端通过读取根DSE来发现特定于服务器的数据,如可用控件、扩展等。详见[RFC2251]第3.4节。

For display, information, and limited function discovery, it is desirable to be able to query an LDAP server to determine the vendor name of that server and also to see what version of that vendor's code is currently installed.

对于显示、信息和有限功能发现,最好能够查询LDAP服务器,以确定该服务器的供应商名称,并查看当前安装的供应商代码的版本。

1.1 Function discovery
1.1 功能发现

There are many ways in which a particular version of a vendor's LDAP server implementation may be functionally incomplete, or may contain software anomalies. It is impossible to identify every known shortcoming of an LDAP server with the given set of server data advertisement attributes. Furthermore, often times, the anomalies of an implementation are not found until after the implementation has been distributed, deployed, and is in use.

供应商的LDAP服务器实现的特定版本在许多方面可能在功能上不完整,或者可能包含软件异常。用给定的一组服务器数据广告属性来识别LDAP服务器的所有已知缺点是不可能的。此外,通常情况下,直到实现被分发、部署和使用之后,才会发现实现的异常。

The attributes defined in this document MAY be used by client implementations in order to identify a particular server implementation so that it can 'work around' such anomalies.

客户机实现可以使用本文档中定义的属性来识别特定的服务器实现,以便能够“解决”此类异常。

The attributes defined in this document MUST NOT be used to gather information related to supported features of an LDAP implementation. All LDAP features, mechanisms, and capabilities--if advertised--MUST be advertised through other mechanisms, preferably advertisement mechanisms defined in concert with said features, mechanisms, and capabilities.

本文档中定义的属性不得用于收集与LDAP实现支持的功能相关的信息。所有LDAP特性、机制和功能(如果公布)必须通过其他机制公布,最好是与所述特性、机制和功能一起定义的公布机制。

2. Attribute Types
2. 属性类型

These attributes are an addition to the Server-specific Data Requirements defined in section 3.4 of [RFC2251]. The associated syntaxes are defined in section 4 of [RFC2252].

这些属性是[RFC2251]第3.4节中定义的服务器特定数据要求的补充。[RFC2252]第4节定义了相关的语法。

Servers MAY restrict access to vendorName or vendorVersion and clients MUST NOT expect these attributes to be available.

服务器可能会限制对vendorName或vendorVersion的访问,客户端不得期望这些属性可用。

2.1 vendorName
2.1 卖方名称

This attribute contains a single string, which represents the name of the LDAP server implementer.

此属性包含一个字符串,表示LDAP服务器实现者的名称。

All LDAP server implementations SHOULD maintain a vendorName, which is generally the name of the company that wrote the LDAP Server code like "Novell, Inc."

所有LDAP服务器实现都应该维护一个vendorName,它通常是编写LDAP服务器代码(如“Novell,Inc.)的公司的名称

( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )

(1.3.6.1.1.4名称“vendorName”相等1.3.6.1.4.1.1466.109.114.1语法1.3.6.1.4.1.1466.115.121.1.15单值无用户修改使用DSAOOperation)

2.2 vendorVersion
2.2 卖方版本

This attribute contains a string which represents the version of the LDAP server implementation.

此属性包含一个字符串,表示LDAP服务器实现的版本。

All LDAP server implementations SHOULD maintain a vendorVersion. Note that this value is typically a release value--comprised of a string and/or a string of numbers--used by the developer of the LDAP server product (as opposed to the supportedLDAPVersion, which specifies the version of the LDAP protocol supported by this server). This is single-valued so that it will only have one version value. This string MUST be unique between two versions, but there are no other syntactic restrictions on the value or the way it is formatted.

所有LDAP服务器实现都应该维护一个vendorVersion。请注意,此值通常是LDAP服务器产品开发人员使用的发布值(由字符串和/或数字字符串组成)(与supportedLDAPVersion相反,后者指定此服务器支持的LDAP协议版本)。这是单值的,因此它只有一个版本值。此字符串在两个版本之间必须是唯一的,但对值或其格式没有其他语法限制。

( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )

(1.3.6.1.1.5名称“vendorVersion”等于1.3.6.1.4.1.1466.109.114.1语法1.3.6.1.4.1.1466.115.121.1.15单值无用户修改使用DSAOOperation)

The intent behind the equality match on vendorVersion is to not allow a less than or greater than type of query. Say release "LDAPv3 8.0" has a problem that is fixed in the next release "LDAPv3 8.5", but in the mean time there is also an update release say version "LDAPv3 8.01" that fixes the problem. This will hopefully stop the client from saying it will not work with a version less than "LDAPv3 8.5" when it would also work with "LDAPv3 8.01". With the equality match the client would have to exactly match what it is looking for.

vendorVersion上的相等匹配的目的是不允许小于或大于类型的查询。假设发行版“LDAPv3 8.0”存在一个问题,该问题在下一个发行版“LDAPv3 8.5”中得到修复,但同时也有一个更新发行版(如版本“LDAPv3 8.01”)修复了该问题。这将有望阻止客户机在使用“LDAPv3 8.01”时说它不能使用低于“LDAPv3 8.5”的版本。使用相等匹配时,客户机必须完全匹配它要查找的内容。

3. Notes to Server Implementers
3. 服务器实现者须知

Server implementers may consider tying the vendorVersion attribute value to the build mechanism so that it is automatically updated when the version value changes.

服务器实现者可以考虑将DevRoValm属性值绑定到生成机制,以便在版本值更改时自动更新它。

4. Notes to Client Developers
4. 客户开发人员须知

As mentioned in section 2.1, the use of vendorName and vendorVersion MUST NOT be used to discover features.

如第2.1节所述,不得使用vendorName和vendorVersion来发现功能。

It should be noted that an anomalies often on affect subset of implementations reporting the same version information. Most implementations support multiple platforms, have numerous configuration options, and often support plug-ins.

应该注意的是,异常通常会影响报告相同版本信息的实现子集。大多数实现支持多个平台,有许多配置选项,并且通常支持插件。

Client implementations SHOULD be written in such a way as to accept any value in the vendorName and vendorVersion attributes. If a client implementation does not recognize the specific vendorName or vendorVersion as one it recognizes, then for the purposes of 'working around' anomalies, the client MUST assume that the server is complete and correct. The client MUST work with implementations that do not publish these attributes.

客户机实现的编写方式应确保接受vendorName和vendorVersion属性中的任何值。如果客户机实现无法识别其识别的特定vendorName或vendorVersion,那么为了“解决”异常,客户机必须假设服务器是完整和正确的。客户端必须使用不发布这些属性的实现。

5. Security Considerations
5. 安全考虑

The vendorName and vendorVersion attributes are provided only as display or informational mechanisms, or as anomaly identifying mechanisms. Client and application implementers must consider that the existence of a given value in the vendorName or vendorVersion attribute is no guarantee that the server was actually built by the asserted vendor or that its version is the asserted version and should act accordingly.

vendorName和vendorVersion属性仅作为显示或信息机制或异常识别机制提供。客户机和应用程序实现者必须考虑,在VANDORNEXT或VANDORVALY版本属性中存在给定值不能保证服务器实际上是由断言的供应商建立的,或者它的版本是断言的版本,并且应该相应地采取行动。

Server implementers should be aware that this information could be used to exploit a security hole a server provides either by feature or flaw.

服务器实现者应该知道,这些信息可能会被用来利用服务器提供的安全漏洞(通过特性或缺陷)。

6. IANA Considerations
6. IANA考虑

This document seeks to create two attributes, vendorName and vendorVersion, which the IANA will primarily be responsible. This is a one time effort; there is no need for any recurring assignment after this stage.

本文档旨在创建两个属性:vendorName和vendorVersion,IANA将主要负责这两个属性。这是一次性的努力;在此阶段之后,无需执行任何定期任务。

7. References
7. 工具书类

[RFC2219] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2219]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996.

[RFC2026]Bradner,S.,“互联网标准过程——第3版”,BCP 9,RFC 2026,1996年10月。

[RFC2251] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997.

[RFC2251]Wahl,M.,Howes,T.和S.Kille,“轻量级目录访问协议(v3)”,RFC 2251,1997年12月。

[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.

[RFC2252]Wahl,M.,Coulbeck,A.,Howes,T.和S.Kille,“轻量级目录访问协议(v3):属性语法定义”,RFC2252,1997年12月。

8. Acknowledgments
8. 致谢

The author would like to thank the generous input and review by individuals at Novell including but not limited to Jim Sermersheim, Mark Hinckley, Renea Campbell, and Roger Harrison. Also IETF contributors Kurt Zeilenga, Mark Smith, Mark Wahl, Peter Strong, Thomas Salter, Gordon Good, Paul Leach, Helmut Volpers.

作者要感谢Novell个人的慷慨投入和评论,包括但不限于Jim Sermersheim、Mark Hinckley、Renea Campbell和Roger Harrison。还有IETF撰稿人Kurt Zeilenga、Mark Smith、Mark Wahl、Peter Strong、Thomas Salter、Gordon Good、Paul Leach、Helmut Volpers。

9. Author's Address
9. 作者地址

Mark Meredith Novell Inc. 1800 S. Novell Place Provo, UT 84606

马克·梅雷迪斯·诺维尔公司,美国犹他州普罗沃市诺维尔广场南1800号,邮编84606

Phone: 801-861-2645 EMail: mark_meredith@novell.com

电话:801-861-2645电子邮件:mark_meredith@novell.com

10. Full Copyright Statement
10. 完整版权声明

Copyright (C) The Internet Society (2001). All Rights Reserved.

版权所有(C)互联网协会(2001年)。版权所有。

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。