
Re: Proxy Authz interoperability of Sun's JNDI LDAP boost pack and OpenLDAP



AFAIK, Sun encodes the proxyAuthz requests à la Mozilla, which is
inconsistent with RFC 4370.  In OpenLDAP's code there are limited
provisions to handle those cases.  For example, back-ldap/meta can use
that encoding by the "obsolete-encoding-workaround" flag; it can also
use the original specification of proxyAuthz by the
"obsolete-proxy-authz" flag (I think they're both undocumented, though).

OpenLDAP clients can only request the use of the obsolete encoding.

These hacks are necessary when using SunONE; I don't know if they are
with other LDAP-enabled software from Sun.  We developed a custom module
that allows slapd to understand both the obsolete control (no issue,
since it uses a different OID) as well as the obsolete encoding (issue:
it uses the RFC 4370 OID, so it is incompatible with the correct
implementation).

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
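
The message above notes that the obsolete encoding shares the RFC 4370 OID, so a receiver cannot tell the two apart by OID alone. The following is an added example, not code from the original post or from OpenLDAP: it classifies a proxyAuthz controlValue on the assumption that the obsolete encoding wraps the authzId in an extra BER OCTET STRING inside the controlValue, while RFC 4370 carries the authzId bytes directly. The function names and sample values are hypothetical.

```python
RFC4370_OID = "2.16.840.1.113730.3.4.18"   # Proxied Authorization control (RFC 4370)
AUTHZID_PREFIXES = (b"dn:", b"u:")          # authzId forms: DN or user id

def _unwrap_octet_string(buf: bytes):
    """Return the contents if buf is exactly one BER OCTET STRING TLV, else None."""
    if len(buf) < 2 or buf[0] != 0x04:
        return None
    first = buf[1]
    if first < 0x80:                        # short-form length
        length, offset = first, 2
    else:                                   # long form: low 7 bits = count of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            return None
        length, offset = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if len(buf) != offset + length:         # truncated or trailing bytes: reject
        return None
    return buf[offset:]

def classify_proxy_authz(oid: str, value: bytes):
    """Return (encoding, authzId) for a received control; authzId is None if rejected."""
    if oid != RFC4370_OID:
        return ("other-oid", None)          # a different OID is unambiguous, not handled here
    try:
        if value == b"" or value.startswith(AUTHZID_PREFIXES):
            return ("rfc4370", value.decode("utf-8"))   # empty value means anonymous
        inner = _unwrap_octet_string(value)
        # Assumption: obsolete encoding = authzId wrapped in one more OCTET STRING
        if inner is not None and (inner == b"" or inner.startswith(AUTHZID_PREFIXES)):
            return ("obsolete-encoding", inner.decode("utf-8"))
    except UnicodeDecodeError:
        pass                                # authzId must be valid UTF-8
    return ("unrecognized", None)

# Constructed sample values (not captured traffic)
SAMPLE_AUTHZID = b"dn:cn=proxied user,dc=example,dc=com"
SAMPLE_OBSOLETE = bytes([0x04, len(SAMPLE_AUTHZID)]) + SAMPLE_AUTHZID

if __name__ == "__main__":
    for v in (SAMPLE_AUTHZID, SAMPLE_OBSOLETE, b"\x30\x00"):
        print(classify_proxy_authz(RFC4370_OID, v))
```

Logging the returned encoding label per client shows which peers still send the obsolete form before a workaround is removed.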