createSaslClient by the Java LDAP API
The Java LDAP API appears to be responsible for
calling the createSaslClient() method of the Sasl class,
which requires as a parameter:
authorizationID The possibly null protocol-dependent
identification to be used for authorization, e.g.
user name or distinguished name. When the SASL
authentication completes successfully, the entity
named by authorizationId is granted access. If
null, access is granted to a protocol-dependent
default (for example, in LDAP this is the DN in
the bind request)
How does an application using the Java LDAP API
specify the authorizationID it desires?
Also, it appears the SASL API property:
Sasl.POLICY_NOPLAINTEXT
defaults to false. There should be an LDAP API requirement that
if the application-provided properties do not include
an explicit Sasl.POLICY_NOPLAINTEXT setting, the LDAP API
MUST set this property to true. Also,
QOP ("javax.security.sasl.qop") defaults to 'auth'
and not 'auth-conf'. And STRENGTH ("javax.security.sasl.strength")
defaults to "high,medium,low". These and other properties
should be carefully examined to be sure the LDAP API defaults
them consistently with the LDAP SASL "profile" (RFC2251/2829).
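
The defaulting behaviour proposed above, sketched as an added example that is not part of the original post or of any LDAP API: a wrapper fills in SASL properties only when the application left them unset, then passes the authorizationId through to Sasl.createSaslClient(). The class and method names, the host, identity and credentials, and the QOP and STRENGTH values are assumptions chosen for illustration; only the POLICY_NOPLAINTEXT default comes from the post.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class LdapSaslDefaults {   // hypothetical class name

    // Copy the application's properties and fill in only the keys it left unset.
    static Map<String, Object> withSecureDefaults(Map<String, ?> appProps) {
        Map<String, Object> props = new HashMap<>();
        if (appProps != null) props.putAll(appProps);
        // Proposed in the post: true unless the application says otherwise.
        props.putIfAbsent(Sasl.POLICY_NOPLAINTEXT, "true");
        // Assumed values (not from the post): prefer confidentiality, drop "low".
        props.putIfAbsent(Sasl.QOP, "auth-conf,auth-int,auth");
        props.putIfAbsent(Sasl.STRENGTH, "high,medium");
        return props;
    }

    // authzId may be null; the server then applies the protocol default,
    // which in LDAP is the DN in the bind request.
    static SaslClient newClient(String[] mechs, String authzId, String host,
                                Map<String, ?> appProps, CallbackHandler cbh)
            throws SaslException {
        return Sasl.createSaslClient(mechs, authzId, "ldap", host,
                                     withSecureDefaults(appProps), cbh);
    }

    public static void main(String[] args) throws SaslException {
        // Constructed sample credentials; the PLAIN factory asks for them at creation.
        CallbackHandler cbh = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("app");
                if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword("constructed".toCharArray());
            }
        };
        String host = "ldap.example.com";                // constructed sample host
        String authzId = "dn:cn=app,dc=example,dc=com";  // constructed sample identity
        String[] plain = {"PLAIN"};

        // Application is silent: the default excludes plaintext mechanisms (null result).
        System.out.println("silent app: " + newClient(plain, authzId, host, null, cbh));

        // Application opts in explicitly: its own setting is kept.
        Map<String, String> optIn = new HashMap<>();
        optIn.put(Sasl.POLICY_NOPLAINTEXT, "false");
        System.out.println("opt-in app: " + newClient(plain, authzId, host, optIn, cbh));
    }
}
```

With the JDK's built-in SASL provider, the first call returns null because no permitted mechanism remains, and the second returns a PLAIN client.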