[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: createSaslClient by the Java LDAP API
"Kurt D. Zeilenga" wrote:
>
> At 08:11 PM 4/4/01 -0700, Rob Weltman wrote:
> >"Kurt D. Zeilenga" wrote:
> >>
> >> The Java LDAP API appears to be responsible for
> >> calling createSaslClient() method of the Sasl class
> >> which requires as a parameter:
> >>
> >> authorizationID The possibly null protocol-dependent
> >> identification to be used for authorization, e.g.
> >> user name or distinguished name. When the SASL
> >> authentication completes successfully, the entity
> >> named by authorizationId is granted access. If
> >> null, access is granted to a protocol-dependent
> >> default (for example, in LDAP this is the DN in
> >> the bind request)
> >>
> I would suggest the addition of a separate argument to the
> SASL bind() methods:
> authzId If not null nor empty, an LDAP authzId (RFC2829).
> This parameter SHOULD be passed to the SASL layer
> unmodified.
That would cause ambiguity if both a DN and an authzId were supplied.
Rob