Re: (ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL

[hyc@symas.com]

Andrew Findlay wrote:
> On Fri, Feb 18, 2011 at 02:56:16PM -0800, Howard Chu wrote:
>
>> re: TLS Authentication Identity Format
>>
>> Strictly speaking, the order of components is not changed at all.
>> The sequence of RDNs in the DN is what it is; just that the
>> convention for *displaying* it is ass-backwards in LDAP. I'm afraid
>> the wording here will confuse people into thinking that the
>> *semantics* of the DN are changed, when it's only a display issue.
>
> Good point. Updated wording attached.

Thanks, applied with formatting tweaks.
>
> Andrew
>
>
> sasl-x509-dn-doc.patch
>
>
> --- sasl.sdf.head	2011-02-18 23:03:07.000000000 +0000
> +++ sasl.sdf	2011-02-22 14:30:25.947887979 +0000
> @@ -1,4 +1,4 @@
> -# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.51 2011/02/18 23:03:07 hyc Exp $
> +# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.12 2011/01/04 23:49:40 kurt Exp $
>   # Copyright 1999-2011 The OpenLDAP Foundation, All Rights Reserved.
>   # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
>
> @@ -302,9 +302,9 @@
>
>   H4: TLS Authentication Identity Format
>
> -This is usually the Subject DN from the client-side certificate.
> -The order of the components will be changed to follow LDAP conventions,
> -so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
> +This is the Subject DN from the client-side certificate.
> +Note that DNs are displayed differently by LDAP and by X.509, so
> +a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
>   will produce an authentication identity of:
>
>   >  cn=A Person,o=The Example Organisation,c=gb


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/