[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL_MECH and useronly

To: Kurt@OpenLDAP.org
Subject: Re: SASL_MECH and useronly
From: Luke Howard <lukeh@padl.com>
Date: Thu, 12 Jan 2006 17:29:08 +1100
Cc: openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
References: <200601111220.k0BCKlxv087555@au.padl.com> <6.2.1.2.0.20060111091036.029a5688@mail.openldap.org> <200601112133.k0BLXa8s022012@au.padl.com> <6.2.1.2.0.20060111133735.02972b38@mail.openldap.org>
Versions: dmail (bsd44) 2.6d/makemail 2.10

>Note that users can tell the library to use an
>alternative ldap.conf(5) file, and hence go around
>any 'policy' the administrator tries to enforce using
>ldap.conf(5).  The administrator should use more
>appropriate means for enforcing such policy, such
>as properly configuring their server to support
>the particular set of allowed mechanisms.  (Administrators

Sure, easy with Cyrus SASL, hard with Active Directory,
although I am looking into it as it will be a lot easier
to deploy.

>The intent was for ldap.conf(5) to provide defaults
>values for command line arguments.   These defaults
>were only to be used when the user of the tool did
>not provide a value via the command line.  That is,
>the user should always be able to specify the
>desired behavior explicitly on the command line
>such that any and all defaults values are ignored.

This should still work though, even with ldap.conf(5)
specifying SASL_MECH.

-- Luke

--

Follow-Ups:
- Re: SASL_MECH and useronly
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- SASL_MECH and useronly
  - From: Luke Howard <lukeh@padl.com>
- Re: SASL_MECH and useronly
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: SASL_MECH and useronly
  - From: Luke Howard <lukeh@padl.com>
- Re: SASL_MECH and useronly
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: SASL_MECH and useronly
Next by Date: portable.h contents in back-monitor (Was: [Fwd: commit: ldap/servers/slapd/back-monitor...)
Index(es):
- Chronological
- Thread