
Re: commit: ldap/doc/man/man5 slapd-ldap.5



Some suggestions...

Start TLS?
SASL Bind (for both bind and proxy authcid)
  with authzid assertion (at SASL Bind time) for both

idassert-mode <dn> should likely be idassert-mode <authzid>.
That is, either dn:uid=foo,dc=example,dc=com or u:foo should be
allowed.

I think modes are confusing.  I suggest:
        none - no proxy authz control
        user (or self) - proxy authz control with client's authz
        anonymous - anonymous proxy authz control
                (same as <authz> with "")
        <authz> - as specified

(I don't see what your fifth choice is for.)

Kurt


At 02:35 PM 5/13/2004, ando@OpenLDAP.org wrote:
>Update of /repo/OpenLDAP/pkg/ldap/doc/man/man5
>
>Modified Files:
>        slapd-ldap.5  1.15 -> 1.16
>
>Log Message:
>document proxyauthz{dn|pw} and idassert-*
>
>CVS Web URLs:
>  http://www.openldap.org/devel/cvsweb.cgi/doc/man/man5/
>    http://www.openldap.org/devel/cvsweb.cgi/doc/man/man5/slapd-ldap.5
>
>Changes are generally available on cvs.openldap.org (and CVSweb)
>within 30 minutes of being committed.