What version of LDAP is supported in ACF2 r15.0?

Document ID : KB000045813
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

We are running ACF2 r 15.0 and soon migrating to 16.0, our developers want to know what version of LDAP is compliant on those versions of ACF2 ?

Answer:

CA ACF2 r15.0 and 16.0 supports CA LDAP 15.1. However there are specific RFC (4511) features that may or may not be supported.

RFC 4511 is used with several additional RFC's to document the entire LDAP protocol standard which encompasses many features. We do not review these RFC's in order to document a yes/no answer related to RFC4511 compliance.

There is the added complexity that the full LDAP protocol is not compatible with a non-directory. For example, the LDAP protocol has a modrdn feature to rename an object. While the CA LDAP Server supports the LDAP protocol, in the end it's just a translator. The CA LDAP Server has to take what's sent to it and turn it into a native CA ACF2 command. Since native ACF2 commands do not support renaming an object, if this is sent to CA LDAP Server, it returns an error, unsupported. Does this mean that CA LDAP Server doesn't support 4511? Some would say yes, some say no.

Another part of the LDAP protocol is controls. We support some of the generic controls that LDAP Server supports, we also added some that are specific to working with CA ACF2 and CA Top Secret that aren't relevant to a pure directory. For example, in support of CA ACF2 model, model into, archive, archive into, we’ve added CA specific controls. Does this mean that CA LDAP Server doesn't support 4511? Some would say yes, some say no.

In general does CA LDAP Server support simple binds? Yes
In general does CA LDAP Server support ldap and ldaps? Yes
In general does CA LDAP Server support add operations? Yes
In general does CA LDAP Server support modify operations? Yes
In general does CA LDAP Server support search operations? Yes
In general does CA LDAP Server support delete operations? Yes
In general does CA LDAP Server support TLS? Yes

If you have specific features you are looking to accomplish contact CA Support and we'd be happy to review with you and give definitive yes/no answers.