Re: [ldapext] Authentication information in LDAP URLs (was: Complex knowledge information)

[Stig Venaas <Stig.Venaas@uninett.no>]

On Fri, Apr 23, 2004 at 04:58:32PM +0200, Michael Ströder wrote:
> Howard Chu wrote:
> >>
> >>- Authentication information (instructions on how to authenticate to
> >>the remote service)
> >
> >In the case of a foreign/untrusted server, generally it would be
> >inappropriate for the local server to automatically tell the client 
> >anything
> >about how to authenticate/authorize.
> 
> Since most times I have the client-side view I'd like to focus on 
> authentication information in LDAP URLs.
> 
> Are there any client implementations out there using the bindname extension 
> of LDAP URLs? If yes, how do they treat it? My web2ldap simply presents a 
> login form asking for the credential (password) for this bind DN.

I have an LDAP application where I use LDAP URL for configuring server,
search base etc. but also bindname and x-bindpw. I found several other
applications (including web2ldap if I remember correctly) that supports
x-bindpw. I think it's convenient to have an LDAP URL in the configu-
ration file of my client containing all the LDAP related parameters.
As for security, it doesn't really matter if a plain text password is
part of the URL or configured separately since the URL is never exposed
anywhere else. I would be much more concerned about referrals.

Is anyone else interested in standardizing bindpw, there are lots of
implementations and also an old internet draft mentioning it. Do a
google search for "x-bindpw" and you will find a lot. Would some
other name be appropriate? Something that can be used with different
types of credentials for different authentication schemes?

Stig

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext