
Re: sasl authz 'dn:' type normalization (ITS#2852)




Kurt D. Zeilenga wrote:
> I note that the documentation for saslAuthTo/From and sasl-regex
> imply the match parameter is applied against a DN, not an
> authzid.  We should clean that up.
> 
> I think it is okay to use ACL-like DN style indicators here,
> but I would prefer that dn: imply dn.exact: not dn.regex:.
> This is because the value in dn:value, per RFC 2829, is a DN.

OK.  The code currently defers the "dn:" case treatment
to its use, so it's safe to use it with a regex, but
I'll turn it into exact and see if anyone complains.

> 
> Also, we might consider adding support for other styles (dn.sub,
> dn.children, etc.) where that would make sense.   And, u:userid
> might also make sense in some places. 

I'll work on the other cases later.  I think they all make
sense, and this is a place where code optimization with minimal
effort can be of value.

Ando.


-- 
Dr. Pierangelo Masarati         mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.   http://www.sys-net.it
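
Added example (not part of the original message and not OpenLDAP code): a C sketch of why it matters for an authorization rule whether a `dn:` value is read as dn.exact or as dn.regex. It assumes dn.regex means an unanchored POSIX extended regex match and that both DNs are already normalized; the function names and sample DNs are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <strings.h>

/* dn.exact semantics (simplified): whole-string, case-insensitive compare.
 * Assumption: both DNs were normalized before reaching this point. */
static int match_exact(const char *rule_dn, const char *authz_dn)
{
    return strcasecmp(rule_dn, authz_dn) == 0;
}

/* dn.regex semantics (assumed): the rule value is compiled as an
 * unanchored POSIX extended regex and searched for inside the DN. */
static int match_regex(const char *rule_dn, const char *authz_dn)
{
    regex_t re;
    int hit;

    if (regcomp(&re, rule_dn, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return 0;               /* an uncompilable rule matches nothing */
    hit = (regexec(&re, authz_dn, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

int main(void)
{
    /* Constructed rule: the administrator meant exactly one identity. */
    const char *rule = "uid=proxy,ou=svc.accounts,dc=example,dc=com";
    /* Constructed identities to test against the rule. */
    const char *ids[] = {
        "uid=proxy,ou=svc.accounts,dc=example,dc=com",          /* intended */
        "uid=proxy,ou=svc.accounts,dc=example,dc=com,dc=other", /* longer DN */
        "uid=proxy,ou=svcXaccounts,dc=example,dc=com",          /* '.' wildcard */
        "cn=x+uid=proxy,ou=svc.accounts,dc=example,dc=com",     /* prefixed RDN */
    };

    printf("%-6s %-6s %s\n", "exact", "regex", "authorization DN");
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("%-6s %-6s %s\n",
               match_exact(rule, ids[i]) ? "allow" : "deny",
               match_regex(rule, ids[i]) ? "allow" : "deny",
               ids[i]);
    return 0;
}
```

Under the exact reading only the first identity is allowed; under the regex reading all four are, which is the over-matching that treating `dn:` as dn.exact avoids.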
