[Council] meeting reminder
Peter Saint-Andre
stpeter at stpeter.im
Wed Nov 21 11:12:05 CST 2007
Dave Cridland wrote:
> On Wed Nov 21 15:06:22 2007, Peter Saint-Andre wrote:
>> Just a friendly reminder that we have an XMPP Council meeting in ~4
>> hours:
>
> Forewarned is forearmed... I'll actually be on a train during this
> meeting, and doing things over GPRS. Which means I'll be slow, may have
> difficulty connecting, etc. It's also entirely possible I won't have any
> power, so will be reliant on batteries.
>
> Most importantly, there is a big tunnel just after Bristol, and I'll be
> at Bristol at 19:03 GMT, so I'll vanish offline for several minutes near
> the beginning of the meeting.
Thanks for the warning.
Is that 19:03 Bristol time? ;-)
> As a comment in advance, I'm concerned that the LDAP group field in 0045
> is underspecified - there's a bunch of LDAP group things that could be
> used here. It depends on what this is really intended to be used for and
> by. I'll talk to an LDAP expert or two and see if I can get some more
> information.
Yes, it does appear to be underspecified. I've looked at the LDAP specs
some more and I don't find a consistent definition of group. Indeed it
appears that different LDAP server implementations define and handle
groups in different ways. There are things like departmentName in RFC
2798 and that may be used in some implementations. But in general the
topic of groups in LDAP seems to be quite fragmented:
http://www.webtechniques.com/archives/2000/05/wilcox/
For example: "LDAP groups are tricky to use, particularly for the novice
LDAP user, for many reasons.... First, there's not a standard group
object class for LDAP."
http://middleware.internet2.edu/dir/docs/internet2-mace-dir-ldap-group-membership-200507.html
For instance: "There are a growing number of situations where a
standardized representation of group memberships would help support
interoperation between multiple processes and systems. The Internet2
Middleware Initiative projects Grouper and Signet are two cases in
point. This draft proposes a recommended binding for "isMemberOf" and
"hasMember" to the LDAP protocol."
If the LDAP folks haven't standardized this, there is no expectation
that we users of LDAP protocols will do so. As far as I can see, LDAP
groups are implementation-specific and deployment-specific. We defined
the "muc#roominfo_ldapgroup" field for people who deploy MUC in
enterprise environments. However, the exact nature of the LDAP group
behind that field depends on how that organization has set up its
directories. Or so it seems to me.
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/council/attachments/20071121/463b46f7/attachment.bin
More information about the Council
mailing list