[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: createSaslClient by the Java LDAP API
At 08:11 PM 4/4/01 -0700, Rob Weltman wrote:
>"Kurt D. Zeilenga" wrote:
>>
>> The Java LDAP API appears to be responsible for
>> calling createSaslClient() method of the Sasl class
>> which requires as a parameter:
>>
>> authorizationID The possibly null protocol-dependent
>> identification to be used for authorization, e.g.
>> user name or distinguished name. When the SASL
>> authentication completes successfully, the entity
>> named by authorizationId is granted access. If
>> null, access is granted to a protocol-dependent
>> default (for example, in LDAP this is the DN in
>> the bind request)
>>
>> How does an application using the Java LDAP API
>> specify the authorizationID it desires?
>
> As the DN parameter of the bind() operation.
>
> The Java LDAP API draft predates RFC 2829 by quite a bit. Perhaps it should change the definition of the parameter to allow a username as alternative to DN.
I would suggest the addition of a separate argument to the
SASL bind() methods:
authzId If not null nor empty, an LDAP authzId (RFC2829).
This parameter SHOULD be passed to the SASL layer
unmodified.