Re: proxyAuthz value encoding

[Howard Chu <hyc@symas.com>]

Pierangelo Masarati wrote:
> > We have a proxyOld.c module that we bundle with Connexitor that handles
> > part of the problem. It dynamically adds a new control handler that
> > recognizes the obsolete OID and parses its values, then does the usual
> > slap_sasl_authorized validation. I don't think supporting this obsolete
> > spec in the mainline code is a good idea.
> >     
>
> My problem is different: I don't care about supporting it at control
> __decoding__; I need to support it at control __encoding__, when
> requesting proxyAuthz inside back-ldap.  This wouldn't be mainstream at
> all, IMHO.
>
> p.
>   

Right, as I said that only handled part of the problem, but it was 
sufficient for allowing back-ldap to pass through an old-style control 
to a remote SunOne server. I can see that you would need to add config  
support etc. for generating this control internally in back-ldap. It 
still seems dodgy to me; Sun ought to have updated their servers to 
support the newer spec ages ago. The version of the draft that they 
support is over 5 years old, it's bordering on LDAPv2 Historical territory.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/