[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: proxyAuth for bind (Was: Can I bind to server with DN not on server ?)



> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]

> One of the problems using the proxyAuthz control in chaining
> (between servers) is that it interferes with clients own use
> of the control between the client and the directory.
>
> In hallway discussions at IETF#58, we concluded that LDAP
> really needs to have a "chaining" operation which would wrap
> the client request when it was chained to another server (much
> like in X.500).  This would provide a clear separation between
> client's desires and chaining server's desires.

Sounds like time to dust off a copy of X.518 and read thru the Distributed
Authentication model... It seems a "ChainingArguments" control to accompany
any other operation would be more appropriate than a new operation.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support