[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Newbie OpenLDAP-SASL question



At 11:45 PM 2002-02-14, Howard Chu wrote:
>Using "u:dn:cn=foo,..." is not legal. The docs say you must use either a
>"u:" prefix or a "dn:" prefix, you cannot use both at once. And as I noted
>in my previous message, the released code only allows a "u:" prefix. This
>can be
>considered a bug,

It's not a bug.  2.0 doesn't support SASL Proxy Authorization.
Since the user is not attempting a proxy authorization, the
authzid should be not-present/empty.

2.1 will support SASL Proxy Authorization.  However, unless
the user is attempting proxy authorization, the user should
not specify an authzid.

Kurt