
Re: commit: ldap/servers/slapd/back-ldap back-ldap.h bind.c



At 12:09 PM 6/19/2004, Pierangelo Masarati wrote:

>> At 09:18 AM 6/19/2004, ando@OpenLDAP.org wrote:
>>>Log Message:
>>>allow a hidden parameter to instruct the proxy that the SASL mech can do
>>> native authz; will disappear as soon as I can detect it automatically
>>
>> Hmmm... I don't think slapd(8) should be coded with this
>> kind of knowledge.  If the user configures back-ldap
>> to use SASL proxy authorization, the user should configure
>> back-ldap to use a SASL mechanism which supports
>> proxy authorization.  If the user fails to do this, that's
>> his problem.
>
>Well, currently the code can do proxy authorization in two ways:
>1) by adding a proxyAuthz control to all operations
>2) by using the native SASL authorization at SASL bind

I'd prefer this be a configuration choice, instead of
requiring slapd to know particulars of SASL mechanisms.

Kurt
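
The two proxy-authorization paths listed in the quoted reply, shown at the byte level as an added example (not from this thread or from the back-ldap source). It assumes the RFC 4370 proxied authorization control for way 1 and SASL PLAIN (RFC 4616) as one mechanism that carries an authorization identity for way 2; the DN, user name and password are constructed.

```python
# Added illustration; the identities and password below are constructed.
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"  # RFC 4370 control type


def ber_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def proxy_authz_control(authzid: str) -> bytes:
    """Way 1: the Control that must accompany every proxied operation."""
    return ber_tlv(
        0x30,                                      # Control ::= SEQUENCE
        ber_tlv(0x04, PROXY_AUTHZ_OID)             # controlType
        + ber_tlv(0x01, b"\xff")                   # criticality TRUE (RFC 4370 requires it)
        + ber_tlv(0x04, authzid.encode("utf-8")),  # controlValue: the authzId itself
    )


def sasl_plain_initial_response(authzid: str, authcid: str, password: str) -> bytes:
    """Way 2: authzid NUL authcid NUL passwd, sent once at SASL bind (RFC 4616)."""
    parts = (authzid, authcid, password)
    if any("\x00" in p for p in parts):
        raise ValueError("NUL is the field separator and may not appear in a field")
    return b"\x00".join(p.encode("utf-8") for p in parts)


if __name__ == "__main__":
    target = "dn:uid=alice,dc=example,dc=com"  # constructed identity to act as
    print("per-operation control:", proxy_authz_control(target).hex())
    print("bind-time PLAIN msg:  ",
          sasl_plain_initial_response(target, "proxyuser", "secret"))
```

With way 1 the asserted identity travels on each request; with way 2 it is fixed for the whole connection at bind time, and only if the chosen mechanism has an authzid field.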