On 6/20/21 2:03 PM, trantorvega(a)gmail.com wrote:
> I am writing here (hopefully it's the right list for the topic) to
> ask about IDN (Internationalized Domain Names) support in OpenLDAP
> and LDAP in general.
>
> I've been perusing IETF documents and all I could find was a
> of expired drafts, 18 and 20 years old, pertaining to the topic.
>
> Does anyone have more information on the topic and maybe on why those drafts went

Basically those attempts got stuck and in general LDAP work at the IETF
does not happen anymore.

But this is a pretty broad topic affecting various use-cases. Which
particular use-case(s) do you have in mind?

In my web2ldap I encode Unicode input values for domain names (dc,
associatedDomain, domain part of mail, etc.) as IDNA and I decode the
IDNA when displaying the values. Note that displaying Unicode strings is
subject to homograph attacks.

E-mail addresses are more complicated because of UTF-8 in the local part
and thus you need a separate attribute. And well, you need MTAs to support
SMTPUTF8, which is AFAIK currently only supported by Postfix.

My own naive attempt for an LDAP attribute was:

For e-mail addresses there also has been more recent work for X.509
certs. Especially RFC 8398 defines matching rules:

All in all this is not just a matter of the LDAP schema.
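
The encode-on-input, decode-on-display handling described in the message above, sketched as an added example (not part of the original message and not web2ldap's code). The function names are hypothetical, Python's built-in "idna" codec (IDNA 2003) stands in for whatever the real tool uses, and the script check is a simplified heuristic.

```python
import unicodedata


def to_ldap_domain(name: str) -> str:
    """Unicode domain name -> ASCII A-label form for storage (dc, associatedDomain)."""
    # The built-in "idna" codec applies IDNA 2003 ToASCII to each label.
    return name.encode("idna").decode("ascii").lower()


def to_ldap_mail(addr: str) -> str:
    """Encode only the domain part of a mail value."""
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local@domain")
    # A non-ASCII local part cannot be IDNA-encoded; it needs a separate
    # attribute and SMTPUTF8, so it is rejected here (UnicodeEncodeError).
    local.encode("ascii")
    return local + "@" + to_ldap_domain(domain)


def label_scripts(label: str) -> set:
    """Rough script set of a label: first word of each Unicode character name."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared by all scripts
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def display_domain(stored: str) -> str:
    """Decode for display, keeping the A-label for any label that mixes scripts."""
    # Assumption: mixed-script labels are treated as possible homographs.
    # Whole-script confusables (a label written entirely in Cyrillic, say)
    # are NOT caught by this check.
    shown = []
    for label in stored.split("."):
        decoded = label.encode("ascii").decode("idna")
        shown.append(decoded if len(label_scripts(decoded)) <= 1 else label)
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    for value in ("bücher.example", "\u0430pple.example"):  # second: Cyrillic "а" + Latin
        stored = to_ldap_domain(value)
        print(stored, "->", display_domain(stored))
```
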