Hallvard B Furuseth wrote:
Howard Chu writes:
It is your application's responsibility to convert between local time and GMT when interacting with the directory.
Remember that LDAP is a wide area system, accessible from anywhere in the world. Storing local time in the directory would be meaningless for clients that don't understand your timezone's rules, but all computer systems know how to handle GMT.
That's not right. Remember that the Generalized Time syntax (used by e.g. modifyTimestamp) requires a suffix with the timezone: Either 'Z' for GMT, or '+/-hh[mm]'.
That's true, yes.
Clients don't need to know any particular timezone's rules to handle that, they only need to know how to convert between specified timezones.
In practice this is extremely easy to get wrong. It requires every client to do two transformations - one to convert local time to GMT, and one to convert stored time to GMT, before comparisons can be done. It also requires extra transformations in the server, since system time is always tracked in GMT. Keeping directory times in canonical form (GMT) means only a single (local to GMT) transformation is ever needed.