[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authorization on UIDs without bind

To: Geert Jansen <geert@boskant.nl>
Subject: Re: Authorization on UIDs without bind
From: Howard Chu <hyc@symas.com>
Date: Mon, 06 Mar 2006 14:10:41 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <440C9CD3.8030903@boskant.nl>
References: <440B2316.4020607@boskant.nl> <7.0.1.0.0.20060306113026.038e9bf0@OpenLDAP.org> <440C9CD3.8030903@boskant.nl>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060227 SeaMonkey/1.5a Mnenhy/0.7.3.0

Geert Jansen wrote:

Kurt D. Zeilenga wrote:
Or you could just use SASL/EXTERNAL bind (assuming your client supports it, of course. If not, well, I'd work with its developer to add it.)
I will try that as well. However, current support for this is very poor amongst LDAP clients. My email server (postfix), IMAP server (dovecot) and web server (apache) all do not support SASL binds.

You should request appropriate enhancements from those projects. Support for SASL Binds has been a mandatory part of LDAPv3 for many ( >5 ) years.

Would be happy to follow the guidelines if this patch could be considered for inclusion. Do you think this patch is a good feature for OpenLDAP to have?

No, it's a hack to support obsolete LDAPv2 clients. It has no place in an LDAPv3 server.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

References:
- Authorization on UIDs without bind
  - From: Geert Jansen <geert@boskant.nl>
- Re: Authorization on UIDs without bind
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Authorization on UIDs without bind
  - From: Geert Jansen <geert@boskant.nl>

Prev by Date: Re: Authorization on UIDs without bind
Next by Date: Re: Authorization on UIDs without bind
Index(es):
- Chronological
- Thread