[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5777) slapd should reject BindRequest with 'name' when SASL bind is sent

To: openldap-its@OpenLDAP.org
Subject: (ITS#5777) slapd should reject BindRequest with 'name' when SASL bind is sent
From: michael@stroeder.com
Date: Wed, 29 Oct 2008 09:56:39 GMT

Full_Name: Michael Ströder
Version: HEAD
OS: Linux
URL: 
Submission from: (NULL) (84.163.120.227)


This is somewhat related to the client tool modification in ITS#5753.

I wonder whether it would be worth that slapd rejects a SASL bind request with
BindRequest.name set (normally used for simple bind) returning a protocolError
error code.

Example for an inconsistent use of -D and -U with SASL/DIGEST-MD5 at the
command-line:

$ ldapwhoami -D "cn=root,dc=stroeder,dc=de" -W -U michael -Y DIGEST-MD5
Enter LDAP Password: 
SASL/DIGEST-MD5 authentication started
SASL username: michael
SASL SSF: 128
SASL data security layer installed.
dn:cn=michael ströder,ou=private,dc=stroeder,dc=de

Prev by Date: Re: (ITS#5753) Command-line tools: Handling of -x and -D vs. -Y and -U
Next by Date: Re: (ITS#5777) slapd should reject BindRequest with 'name' when SASL bind is sent
Index(es):
- Chronological
- Thread