[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s

To: David Wright <ichbin@shadlen.org>
Subject: Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
From: "Kervin L. Pierre" <kervin@blueprint-tech.com>
Date: Tue, 07 May 2002 01:55:11 -0400
Cc: Emilio Recio <polywog@navpoint.com>, openldap-software@OpenLDAP.org
References: <1020610790.3519.15.camel@pegasus> <20020505160054.GA7902@boost.horde.net> <3CD72E2E.7040302@navpoint.com> <3CD73015.2030701@shadlen.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0+) Gecko/20020428

David Wright wrote:

Why is SASL enabled by default? It seems that most client/servers out there will (by default esp for anon reads) not use SSL or SASL. Shouldn't it be /off/ by default, and if you want it, turn it on? This is a big point of contention among our IT clients.
Very, very unfortunately, SASL managed to become a part of the LDAP v3 standard.


that is so true.

I don't think the idea is necessarily bad, it's just that the implementation is not up standard. This makes any app that depends on sasl appear to be confusing, buggy and thus insecure. Case n point Cyrus IMAPD.

I agree too that -x is should be the default. In fact, I think that would be a big step forward in useability.

--Kervin

References:
- LDAP invalid credentials and ldap_sasl_interactive_bind_s
  - From: Stat <flavio@stat.com.br>
- Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
  - From: John Morrissey <jwm@horde.net>
- Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
  - From: Emilio Recio <polywog@navpoint.com>
- Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
  - From: David Wright <ichbin@shadlen.org>

Prev by Date: ACL problem with version 2.0.23
Next by Date: Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
Index(es):
- Chronological
- Thread