Re: saslAuthz{To|From}
Kurt D. Zeilenga wrote:
At 07:22 AM 12/13/2003, Pierangelo Masarati wrote:
For the mech, I'd rather add another operator, to do
"u:jane@realm/mech"
I would rather leave the <style> modifier to further
additions ...
Well, the problem is that userid and realm strings have few
character restrictions. Even u.mech.realm:userid is bad
because the realm name can contain colons.
Whatever separator we pick, in case only one extension
is added, e.g.: u<sep>foo: there would be no means
to tell whether foo is the realm or the mechanism.
For now, I suggest we just don't generate cn=realm RDNs
for these authzids. And, for mechanisms, I'm fine with
only generating cn=authzid RDN for authzid appearing
in the policy information.
This is required to use the proxyAuthz control with sasl-regexp
that makes use of the realm, as in ITS#2871. The only workaround
I could find without any need to recode was "u:<user>@<realm>".
We can leave u.mech and u.mech.realm (or alternatives) to
a later date. I don't think they are generally needed.
Sure. It's definitely not a priority for me.
Ando.
--
Dr. Pierangelo Masarati mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c. http://www.sys-net.it
+----------------------------------------------------------------------------+
| SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497 |
+----------------------------------------------------------------------------+
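
The ambiguity argued in this message, as an added example that is not part of the original post and is not OpenLDAP code: it enumerates every reading of an authzid written in the discussed `u<sep>ext:` and `u.mech.realm:userid` shapes. The function name `candidate_parses` and the toy grammar are assumptions made for illustration; the only outside fact used is the SASL mechanism-name syntax (1 to 20 characters from `A-Z`, `0-9`, `-`, `_`).

```python
import re

# SASL mechanism names: 1-20 chars of A-Z, 0-9, '-' and '_'.
MECH = re.compile(r"[A-Z0-9_-]{1,20}")


def candidate_parses(authzid, sep="."):
    """Return all (userid, realm, mech) readings of a 'u...' authzid.

    Toy grammar (assumed for illustration):
        u:userid | u<sep>ext:userid | u<sep>mech<sep>realm:userid
    Realm and userid may contain ':' and <sep>; a mechanism name may not.
    """
    readings = set()
    if not authzid.startswith("u"):
        return readings
    rest = authzid[1:]
    # Any ':' may end the prefix, since realm and userid can both hold colons.
    for i, ch in enumerate(rest):
        if ch != ":":
            continue
        prefix, userid = rest[:i], rest[i + 1:]
        if not userid:
            continue
        if prefix == "":
            readings.add((userid, None, None))
            continue
        if not prefix.startswith(sep):
            continue
        ext = prefix[len(sep):]
        if not ext:
            continue
        # One extension: nothing says whether it is the realm or the mechanism.
        readings.add((userid, ext, None))
        if MECH.fullmatch(ext):
            readings.add((userid, None, ext))
        # Two extensions: mech<sep>realm, with the realm free to contain ':'.
        mech, found, realm = ext.partition(sep)
        if found and realm and MECH.fullmatch(mech):
            readings.add((userid, realm, mech))
    return readings


if __name__ == "__main__":
    # Constructed sample identities, not taken from the thread.
    for s in ("u:jane", "u.PLAIN:jane", "u.GSSAPI.ex:ample:jane"):
        print(s, "->", sorted(candidate_parses(s), key=repr))
```

A plain `u:jane` has exactly one reading, while `u.PLAIN:jane` has two and a realm containing a colon yields four, which is why any consumer of such identities in authorization policy needs a form with a single parse.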