Network Working Group
Request for Comments: 3494
Obsoletes: 1484, 1485, 1487, 1488, 1777, 1778, 1779, 1781, 2559
Category: Informational
K. Zeilenga
OpenLDAP Foundation
March 2003
Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document recommends the retirement of version 2 of the Lightweight Directory Access Protocol (LDAPv2) and other dependent specifications, and discusses the reasons for doing so. This document recommends RFC 1777, 1778, 1779, 1781, and 2559 (as well as documents they superseded) be moved to Historic status.
Lightweight Directory Access Protocol, version 2
LDAPv2 (Lightweight Directory Access Protocol, version 2) [RFC1777][RFC1778][RFC1779] is an Internet Protocol used to access X.500-based directory services. This document recommends that LDAPv2 and other dependent specifications be retired. Specifically, this document recommends RFC 1777, 1778, 1779, 1781, and 2559 (as well as documents they superseded) be moved to Historic status. The reasons for taking this action are discussed below.
LDAPv2 was published in 1995 as a Draft Standard. Since its publication, a number of inadequacies in the specification have been discovered. LDAPv3 [RFC3377] was published in 1997 as a Proposed Standard to resolve these inadequacies. While LDAPv3 is currently being revised [LDAPbis], it is clearly technically superior to LDAPv2.
The LDAPv2 specification is not generally adhered to; that is, an independently developed implementation of the specification would not interoperate with existing implementations, as existing implementations use syntaxes and semantics different than those prescribed by the specification. Below are two examples.
1) Existing LDAPv2 implementations do not commonly restrict textual values to IA5 (ASCII) and T.61 (Teletex) as required by RFC 1777 and RFC 1778. Some existing implementations use ISO 8859-1, others use UCS-2, others use UTF-8, and some use the current local character set.
2) RFC 1777 requires use of the textual string associated with AttributeType in the X.500 Directory standards. However, existing implementations use the NAME associated with the AttributeType in the LDAPv3 schema [RFC2252]. That is, LDAPv2 requires the organization name attribute be named "organizationName", not "o".
In addition, LDAPv2 does not provide adequate security features for use on the Internet. LDAPv2 does not provide any mechanism for data integrity or confidentiality. LDAPv2 does not support modern authentication mechanisms such as those based on DIGEST-MD5, Kerberos V, and X.509 public keys.
Dependent Specifications
Since the publication of RFC 1777, 1778, and 1779, there have been additional standard track RFCs published that are dependent on these technical specifications, including:
"Using the OSI Directory to Achieve User Friendly Naming" [RFC1781]
and
"Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2" [RFC2559].
RFC 1781 is a technical specification for "User Friendly Naming" which relies on particular syntaxes described in RFC 1779. RFC 2253, which replaced RFC 1779, eliminated support for the "User Friendly Naming" syntaxes. RFC 1781 is currently a Proposed Standard.
RFC 2559 is primarily an applicability statement for using LDAPv2 in providing Public Key Infrastructure. It depends on RFC 1777 and updates RFC 1778. If LDAPv2 is moved to Historic status, so must this document. RFC 2559 is currently a Proposed Standard.
Security Considerations
LDAPv2 does not provide adequate security mechanisms for general use on the Internet. LDAPv3 offers far superior security mechanisms, including support for strong authentication and data confidentiality services. Moving LDAPv2 to Historic may improve the security of the Internet by encouraging implementation and use of LDAPv3.
Recommendations
Developers should not implement LDAPv2 per RFC 1777, as such would result in an implementation that will not interoperate with existing LDAPv2 implementations. Developers should implement LDAPv3 instead.
Deployers should recognize that significant interoperability issues exist between current LDAPv2 implementations. LDAPv3 is clearly technically superior to LDAPv2 and hence should be used instead.
It is recommended that RFC 1777, RFC 1778, RFC 1779, RFC 1781, and RFC 2559 be moved to Historic status.
The previously superseded specifications RFC 1484, 1485, 1487, and 1488 (by RFC 1781, 1779, 1777, and 1778, respectively) should also be moved to Historic status.
Acknowledgment
The author would like to thank the designers of LDAPv2 for their contribution to the Internet community.
Normative References
[RFC1777] Yeong, W., Howes, T. and S. Kille, "Lightweight Directory Access Protocol", RFC 1777, March 1995.
[RFC1778] Howes, T., Kille, S., Yeong, W. and C. Robbins, "The String Representation of Standard Attribute Syntaxes", RFC 1778, March 1995.
[RFC1779] Kille, S., "A String Representation of Distinguished Names", RFC 1779, March 1995.
[RFC1781] Kille, S., "Using the OSI Directory to Achieve User Friendly Naming", RFC 1781, March 1995.
[RFC2559] Boeyen, S., Howes, T. and P. Richard, "Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2", RFC 2559, April 1999.
Informative References
[LDAPbis] IETF LDAP Revision (v3) Working Group (LDAPbis), <http://www.ietf.org/html-charters/ldapbis-charter.html>.
[RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access Protocol (v3): Technical Specification", RFC 3377, September 2002.
[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions", RFC 2252, December 1997.
[RFC2253] Wahl, M., Kille, S. and T. Howes, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", RFC 2253, December 1997.
Author's Address
Kurt D. Zeilenga OpenLDAP Foundation
EMail: Kurt@OpenLDAP.org
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.