
RE: multiple sasl_bind within the same ldap session (ITS#2424)



> -----Original Message-----
> From: Igor Brezac [mailto:igor@ipass.net]

> On Sun, 6 Apr 2003, Howard Chu wrote:

> > A way to make this work is to use two SASL Bind requests - one with no mech
> > or parameters, simply to shut down the current SASL session, and then the real
> > Bind using the new SASL context. This approach needs to be endorsed by both
> > the SASL and LDAP protocol designers.
> >
> > Having spelled this all out, I leave it in your hands.
>
> The second option appears easier to implement, no changes on the server
> side.  Correct?

The server needs to be modified to support this behavior. The changes are
complicated by dependencies on TLS to support SASL/EXTERNAL.

> Or, what is wrong with sasl_bind() doing a close and then open before it
> proceeds?

Nothing is wrong with this; that would make the most sense on the client
side.

Feel free to submit patches implementing these changes.
  -- Howard