[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Newbie OpenLDAP-SASL question

To: "Howard Chu" <hyc@highlandsun.com>
Subject: RE: Newbie OpenLDAP-SASL question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 15 Feb 2002 07:28:47 -0800
Cc: <manig@steltor.com>, <openldap-software@OpenLDAP.org>
In-reply-to: <NMEFLNHODBAOPDKNNJALGEKECFAA.hyc@highlandsun.com>
References: <3C6C4488.FE9E7D15@steltor.com>

At 11:45 PM 2002-02-14, Howard Chu wrote:
>Using "u:dn:cn=foo,..." is not legal. The docs say you must use either a
>"u:" prefix or a "dn:" prefix, you cannot use both at once. And as I noted
>in my previous message, the released code only allows a "u:" prefix. This
>can be
>considered a bug,

It's not a bug.  2.0 doesn't support SASL Proxy Authorization.
Since the user is not attempting a proxy authorization, the
authzid should be not-present/empty.

2.1 will support SASL Proxy Authorization.  However, unless
the user is attempting proxy authorization, the user should
not specify an authzid.

Kurt

Follow-Ups:
- Got it working
  - From: manig <manig@steltor.com>

References:
- Re: Newbie OpenLDAP-SASL question
  - From: manig <manig@steltor.com>
- RE: Newbie OpenLDAP-SASL question
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Network traffic (Time optimization problem)
Next by Date: Got it working
Index(es):
- Chronological
- Thread