Application for Works With LDAP Certification

Draft of 30 March 2000

Introduction

This is a preliminary draft of the form to be used by vendors applying for "Works With LDAP" certification.

This draft has not been reviewed and has no official standing. Comments on it are welcome, and should be sent to Chris Harding at The Open Group - c.harding@opengroup.org

The Products

The information that you enter in this section will be displayed as part of your entry in the register of products certified to Work With LDAP.

We apply for the "Works With LDAP" certificate for the following products.

The version of each product should be identified. Different versions of a product should be listed separately.

More than one product, and more than one version of each product, can be covered by a single application. Different families of products should be covered by different applications. It is up to you to decide what constitutes a family.

As a practical guide, if you find that many of the answers to the questions take the form "For product A so-and-so and for product B such-and-such" then you should be putting in separate applications for products A and B. 

Product Functions That Use LDAP

The information that you enter in this section will be displayed as part of your entry in the register of products certified to Work With LDAP, and will form part of your legal agreement with The Open Group.

The following functions of the products use LDAP.

You should list all of the product functions that use LDAP.

Functions should be described at an outline level. Examples are:

  • for an e-mail client - "Looks up recipients' e-mail addresses"
  • for a VPN Firewall - "Searches a directory for cross-certificates in order to authenticate certificates presented by parties requesting access to the virtual network".

Circumstances Under Which the Products Work With LDAP

The information that you enter in this section will be displayed as part of your entry in the register of products certified to Work With LDAP, and will form part of your legal agreement with The Open Group.

Does the product require the server to support any optional features of the LDAP 2000 Product Standard?

Extensible Match 

Notice of Disconnection 

Client Modification of Subschema Entries 

Validation of Client SSL Certificates 

Access to SSL Credentials via SASL EXTERNAL .

See the LDAP 2000 Product Standard for definitions of these features.

What schema definitions does the product require the server to support?

Any such definitions should be identified, and URLs for them should be provided. For example, a statement might be: "The server must support the attribute and syntax definitions in IETF RFC 2256 - see http://www.ietf.org/rfc/rfc2256.txt."

The definitions do not have to be official standards. They can be company- or product-specific. But they must be public and stable. Version numbers and issue dates should be given where applicable.

Does the product require authorized users to have directory entries?

Authorized users must have directory entries.

If you checked the box above, where must such entries be in the DIT?

Does the product rely on any particular form of access control?

The server must have access control.

For example, does it assume that some entries or attributes are read-only? Does it assume group-level access control?

If you checked the box above, what access control is required?

Are there any extensions to basic LDAP functionality that the product can use?

The product must not require servers to support any functionality beyond that defined in the LDAP 2000 Product Standard. But if there are extensions that improve its operation, they can be listed.

Are there anything else that the product requires servers to support?

Customers should be certain that they can use the product provided that their servers conform to the LDAP 2000 Product Standard and provided that they satisfy any requirements stated in this section of the "Works With LDAP" application form. Any requirements not covered by the previous questions should be listed. 

Tests Performed

The information that you enter in this section will not be displayed in the register of products certified to Work With LDAP, and will not form part of your legal agreement with The Open Group. It is kept as a record of the fact that you have done adequate testing, and of what that testing was. If necessary, the tests may be repeated if there is a question raised about the working of your products.

The testing assumed by the questions in this section is the minimum that a responsible vendor will carry out as part of product development.

The tests should be carried out against several different standard servers. There are no minimum requirements for this, but it is clearly something that application vendors will want to do to assure themselves that their products really Work With LDAP.

What tests have been done to ensure that the product works with standard LDAP servers?

A set of publicly available tests, such as BLITS, is desirable. In-house tests are acceptable, provided the vendor deposits a test suite specification with The Open Group and is prepared for The Open Group to disclose it to third parties.

What is the test coverage?

All success cases are tested.

For each function listed under "Product Functions that Work With LDAP", successful operation of that function should be covered by the tests.

All important error cases are tested.

Tests should cover not only successful operation but also all commonly arising error situations.

All required LDAP operations are tested.

Each LDAP operation - bind, search, etc. - that is used by the product should be covered by the tests.

All schema branches are tested.

The tests should exercise every branch of the directory schema that the product uses.

Is there anything else you would like to say about the tests performed?

If there is anything else that you think people should know about your testing, please say it here.

If you did not check all of the boxes in the test coverage section, please say why.

Submission

When you are satisfied with your answers to the questions, click on the "Submit" button.

The answers in the sections Product Functions that Work With LDAP, and Circumstances Under Which the Products Work With LDAP will become schedules to a legal agreement with The Open Group which, when signed and countersigned, will entitle you to claim "Works With LDAP" certification for the products that you listed in the section The Products.