[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: saslAuthz{To|From}

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: saslAuthz{To|From}
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 13 Dec 2003 07:48:09 -0800
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <3FDB2EB0.7080508@sys-net.it>
References: <3FDAF876.2000903@sys-net.it> <3FDB1E01.3080208@sys-net.it> <6.0.0.22.0.20031213064531.04227d60@127.0.0.1> <3FDB2EB0.7080508@sys-net.it>

At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:
>For the mech, I'd rather add another operator, to do
>
>"u:jane@realm/mech"
>
>I would rather leave the <style> modifier to further
>additions ... 

Well, the problem is that userid and realm strings have few
character restrictions.  Even u.mech.realm:userid is bad
because the realm name can contain colons.

For now, I suggest we just don't generate cn=realm RDNs
for these authzids.  And, for mechanisms, I'm fine with
only generating cn=authzid RDN for authzid appearing
in the policy information.

We can leave u.mech and u.mech.realm (or alternatives) to
a later date.  I don't think they are generally needed.

Kurt

Follow-Ups:
- Re: saslAuthz{To|From}
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- saslAuthz{To|From}
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: saslAuthz{To|From}
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: saslAuthz{To|From}
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: saslAuthz{To|From}
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: saslAuthz{To|From}
Next by Date: Re: saslAuthz{To|From}
Index(es):
- Chronological
- Thread