
Re: SASL EXTERNAL with TLS Authentication



Karsten Künne wrote:
> On Thursday 14 March 2002 12:40, Michael Ströder wrote:
> | Karsten Künne wrote:
> |  > member: uid=/C=US/ST=New York/L=East Setauket/O=Renaissance Technologies
> |  > Corp.
> |  >  /CN=Karsten Kuenne/Email=kuenne@rentec.com
> |
> | This violates the schema (besides other caveats with DIT etc.):
> |
> | attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName )
>
> I know, but what do you do in 2.0.23 without saslregexp support? At least OpenLDAP accepts it (and other invalid constructions for the member attribute

It violates the schema and therefore will cause nothing but grief with e.g. other LDAP admin software.


The second thing is that this string representation (or at least the OpenSSL implementation) does not care about escaping special chars not to speak of string normalization for international chars. Basically it's a hack. That's why there is an explicit RFC2253 compliant string output of DNs in OpenSSL nowadays.

> which are also not really valid dn's like "member:
> uid=kuenne+realm=RENTEC.COM"

You mean uid=kuenne+realm=RENTEC.COM ? What's wrong with that?

Ciao, Michael.
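
The escaping point made in the message above, as an added example that is not part of the original thread and is not OpenSSL or OpenLDAP code: it renders a DN both in the slash-separated form quoted in the thread and as an RFC 2253 string, and shows two different DNs collapsing to the same slash-separated string. The function names and the two colliding DNs are constructed for illustration, and the Email attribute from the thread is left out to keep the sketch to plain string attributes.

```python
# Added example: slash-separated "oneline" DN form vs. RFC 2253 string form.
# A DN is modelled as a list of (type, value) pairs in certificate order
# (least specific first); multi-valued RDNs are not modelled here.

RFC2253_SPECIALS = set(',+"\\<>;')

def escape_rfc2253(value):
    """Backslash-escape a string attribute value per RFC 2253 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in RFC2253_SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":      # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def to_oneline(dn):
    """Slash-separated form as quoted in the thread: no escaping at all."""
    return "".join(f"/{t}={v}" for t, v in dn)

def to_rfc2253(dn):
    """RFC 2253 form: most specific RDN first, comma-separated, escaped."""
    return ",".join(f"{t}={escape_rfc2253(v)}" for t, v in reversed(dn))

# DN from the thread, without the Email attribute.
PAGE_DN = [("C", "US"), ("ST", "New York"), ("L", "East Setauket"),
           ("O", "Renaissance Technologies Corp."), ("CN", "Karsten Kuenne")]

# Constructed sample DNs: a '/' inside one value vs. a real extra RDN.
DN_A = [("O", "Example/OU=Ops"), ("CN", "Jo")]
DN_B = [("O", "Example"), ("OU", "Ops"), ("CN", "Jo")]

if __name__ == "__main__":
    print(to_oneline(PAGE_DN))
    print(to_rfc2253(PAGE_DN))
    print("oneline collides:", to_oneline(DN_A) == to_oneline(DN_B))
    print("RFC 2253 A:", to_rfc2253(DN_A))
    print("RFC 2253 B:", to_rfc2253(DN_B))
    print(to_rfc2253([("O", "Acme, Inc."), ("CN", "Jo")]))
```
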