
Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s



David Wright wrote:

Why is SASL enabled by default? It seems that most client/servers out there will (by default esp for anon reads) not use SSL or SASL. Shouldn't it be /off/ by default, and if you want it, turn it on? This is a big point of contention among our IT clients.


Very, very unfortunately, SASL managed to become a part of the LDAP v3 standard.




That is so true.

I don't think the idea is necessarily bad, it's just that the implementation is not up to standard. This makes any app that depends on SASL appear to be confusing, buggy and thus insecure. Case in point: Cyrus IMAPD.

I agree too that -x should be the default. In fact, I think that would be a big step forward in usability.

--Kervin