[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL
- From: hyc@symas.com
- Date: Wed, 23 Feb 2011 02:41:06 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Andrew Findlay wrote:
> On Fri, Feb 18, 2011 at 02:56:16PM -0800, Howard Chu wrote:
>
>> re: TLS Authentication Identity Format
>>
>> Strictly speaking, the order of components is not changed at all.
>> The sequence of RDNs in the DN is what it is; just that the
>> convention for *displaying* it is ass-backwards in LDAP. I'm afraid
>> the wording here will confuse people into thinking that the
>> *semantics* of the DN are changed, when it's only a display issue.
>
> Good point. Updated wording attached.
Thanks, applied with formatting tweaks.
>
> Andrew
>
>
> sasl-x509-dn-doc.patch
>
>
> --- sasl.sdf.head 2011-02-18 23:03:07.000000000 +0000
> +++ sasl.sdf 2011-02-22 14:30:25.947887979 +0000
> @@ -1,4 +1,4 @@
> -# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.51 2011/02/18 23:03:07 hyc Exp $
> +# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.12 2011/01/04 23:49:40 kurt Exp $
> # Copyright 1999-2011 The OpenLDAP Foundation, All Rights Reserved.
> # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
>
> @@ -302,9 +302,9 @@
>
> H4: TLS Authentication Identity Format
>
> -This is usually the Subject DN from the client-side certificate.
> -The order of the components will be changed to follow LDAP conventions,
> -so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
> +This is the Subject DN from the client-side certificate.
> +Note that DNs are displayed differently by LDAP and by X.509, so
> +a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
> will produce an authentication identity of:
>
> > cn=A Person,o=The Example Organisation,c=gb
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/