Howard Chu writes:
[Pulling last line up front] userPassword is a string of *octets* not *characters*...
This is backwards. That simply means anything can be stored there - so password charset policy, if any, is up to whoever stores userPassword values.
Yupp. And this led to interop problems.
As in fact RFC 4519 2.41 paragraph 2 says:
   2.41. 'userPassword'
   (...)
   The application SHOULD prepare textual strings used as passwords by
   transcoding them to Unicode, applying SASLprep [RFC4013], and
   encoding as UTF-8. The determination of whether a password is
   textual is a local client matter.
And that was good progress!
Ciao, Michael.
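
The preparation quoted from RFC 4519 above, as an added example that is not part of the original message or of any LDAP implementation: the same textual password sent by two clients arrives as different octets until it is transcoded, run through SASLprep and encoded as UTF-8. The names `saslprep` and `prepare_user_password` and the sample password are constructed for illustration, and the value is treated as one to be stored, so unassigned code points are rejected by default.

```python
import stringprep
import unicodedata

# RFC 3454 tables that RFC 4013 (SASLprep) lists as prohibited output.
PROHIBITED = [getattr(stringprep, "in_table_" + t) for t in
              ("c12", "c21", "c22", "c3", "c4", "c5", "c6", "c7", "c8", "c9")]

def saslprep(text, allow_unassigned=False):
    """Apply the SASLprep profile of stringprep to a Unicode string."""
    # 1. Map: drop "commonly mapped to nothing", non-ASCII spaces -> U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(ch) else ch
                     for ch in text if not stringprep.in_table_b1(ch))
    # 2. Normalize: NFKC with the Unicode 3.2 data stringprep is defined on.
    norm = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    # 3. Prohibit: reject characters from the tables above; unassigned code
    #    points are rejected too when preparing a value to be stored.
    for ch in norm:
        if any(check(ch) for check in PROHIBITED):
            raise ValueError("prohibited character U+%04X" % ord(ch))
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError("unassigned code point U+%04X" % ord(ch))
    # 4. Bidi: a string with RandALCat characters must start and end with
    #    one and must not contain any LCat character.
    if any(stringprep.in_table_d1(ch) for ch in norm):
        if any(stringprep.in_table_d2(ch) for ch in norm):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(norm[0]) and stringprep.in_table_d1(norm[-1])):
            raise ValueError("right-to-left text must start and end with RandALCat")
    return norm

def prepare_user_password(raw, client_charset):
    """Transcode to Unicode, apply SASLprep, encode as UTF-8."""
    return saslprep(raw.decode(client_charset)).encode("utf-8")

# Constructed sample: the same password as sent by two different clients.
LATIN1_CLIENT = b"p\xe4ssword"                       # ISO 8859-1, precomposed
UTF8_NFD_CLIENT = "pa\u0308ssword".encode("utf-8")   # UTF-8, decomposed

if __name__ == "__main__":
    print(LATIN1_CLIENT == UTF8_NFD_CLIENT)           # raw octets differ
    print(prepare_user_password(LATIN1_CLIENT, "latin-1")
          == prepare_user_password(UTF8_NFD_CLIENT, "utf-8"))
```

A server that compares userPassword as raw octets treats the two unprepared values as different passwords, which is the interop problem the thread describes.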