> > aellis@bighorn.dr.lucent.com asked:
> > Is there an LDAP compliance test suite or certification required
> > to advertise LDAP compliance?
This is an important topic, so to clarify and build on what Mark said on
[my embellishments are marked with ^^^'s]
> Mark Wahl said in response:
> Internet specifications such as LDAP are freely available and can be 
> implemented by anyone.  It is important to note that LDAPv3 is not currently
> an IETF standard of any official maturity level (LDAPv2 is a draft 
   ^^^^^^          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^         ^^
> standard), so it is not (yet)
> possible to claim compliance to a "full" Internet Standard version of LDAP.
>                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
So, one might currently "reasonably" claim compliance to the "LDAPv2 *DRAFT*
Standard, RFC1777", and if conscientious, provide a pointer to RFC2026 for
definitions of standards' "Maturity Levels".
(See http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2026.txt for the
definition of "Standards Track Maturity Levels" (i.e. Proposed, Draft,
> Mark continued: 
> Several parties produce test suites for LDAP; EuroSInet has a test suite
> for LDAPv2, as does NAC, and we are developing a test suite for LDAPv3.
> These parties may have 'brands' for use on Web pages or advertising
> materials to indicate that a product has passed a particular test suite.  No
> testing is required by the IETF for LDAP, nor is there any official IETF
> standards testing body for LDAP.  Whether a vendor chooses to have their
> product tested, and by whom, is entirely at their own decision.
To build on this, I'll note that questions concerning LDAPv3 "compliance" and
"conformance" have been regularly coming up (I've asked some of them). At this
point, as Mark noted, there is no "compliance" or "conformance" language in the
LDAPv3 set of specifications. This does not mean that there never will be,
however. RFC2026 clearly defines such a type of document, called an
"Applicability Statement (AS)". From reading RFC2026, talking with Mark Wahl,
looking at prior examples such as routing protocols (RIPng, OSPF), and looking
at the existing state of Internet protocol standards (RFC2000), it seems
entirely reasonable for either the ASID WG participants to choose to develop an
LDAP AS and/or the IESG to require one to be developed, in order to advance
LDAP on the standards track (e.g. from proposed to draft, or draft to internet
If/once there is an LDAP AS, then presumably independent vendors would be able
to develop compliance/conformance-testing suites that would test the core
protocol implementation and take into account various extensions, if any,
referenced in the AS. Such a test suite might return overall results like:
  This ldap impl successfully implements the requirements outlined in the LDAP
AS, RFC2XXX, or, 
  This ldap impl does not successfully implement...
So, until there's an LDAP AS that states otherwise, the only clearly apparent
common intersection of functionality that vendors ought to implement in order
to be able to "reasonably" claim they have an "LDAPv3" client or (especially)
server seems to be the set of protocol operations as defined in
draft-ietf-asid-ldapv3-protocol-05.txt (preferably RFC 2XXX once it goes to
BUT, according to the grapevine, not all vendors are going to implement 
everything in ...asid-ldapv3-protocol-05.txt -- e.g. some may not implement 
extensible match. I hope that ASID will develop an AS in answer to issues such 
as this. 
Jeff Hodges