
anonymous binds



RFC 2251 seems to conflict with itself when talking about anonymous binds.

In 4.2 the explanation of the name field says: "This field may take on a null value (a zero length string) for the purposes of anonymous binds" which at first glance seems to imply that an empty name signifies an anon bind.

In 4.2.2, the wording is: "If no authentication is to be performed, then the simple authentication option MUST be chosen, and the password be of zero length, ... Typically the DN is also of zero length". This says (a bit more explicitly) that an empty (simple) password signifies an anonymous bind (I assume the intent was that no authentication is the same as anonymous bind).

Questions:

1) Is it the intent that "anonymous bind" and "no authentication" are equal here? If so, I propose we use the term anonymous bind in 4.2.2 to clarify.

2) Which signifies an anonymous bind, an empty name or empty simple password? I assume it's an empty password, and when an empty password is used, the name is simply ignored by the server.

3) What does it mean to bind with an empty name and a simple password that contains data? Elsewhere, an empty DN implies the root DSE. Is there or will there be a need to authenticate as the root DSE using simple authentication? If not, we should state that this case results in a protocolError.

Jim
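
The four name/password combinations the message asks about, as an added example that is not part of the original post: a minimal Python parser for a BER-encoded LDAPv3 simple BindRequest that reports which combination a request carries. The function names, case labels and sample messages are constructed for illustration; the labels only name the cases and do not settle the questions raised above.

```python
# Added example: classify an LDAPv3 simple BindRequest by which of the
# name and password fields are empty. Labels and samples are constructed.

def read_tlv(buf, pos):
    """Read one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want, what):
    """Read one element and require a specific tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected {what}, got tag 0x{tag:02x}")
    return value, nxt

def parse_simple_bind(msg):
    """Return (name, password) bytes from an LDAPMessage holding a BindRequest."""
    body, _ = expect(msg, 0, 0x30, "LDAPMessage SEQUENCE")
    _, pos = expect(body, 0, 0x02, "messageID INTEGER")
    bind, _ = expect(body, pos, 0x60, "BindRequest [APPLICATION 0]")
    _, pos = expect(bind, 0, 0x02, "version INTEGER")
    name, pos = expect(bind, pos, 0x04, "name LDAPDN")
    password, _ = expect(bind, pos, 0x80, "simple [0] authentication")
    return name, password

def classify(msg):
    """Name which of the four name/password combinations the request carries."""
    name, password = parse_simple_bind(msg)
    if not password:
        return "empty-name-empty-password" if not name else "name-with-empty-password"
    return "empty-name-with-password" if not name else "name-with-password"

SAMPLES = {  # constructed messages: messageID 1, version 3, name "cn=a", password "pw"
    "both empty": bytes.fromhex("300c020101600702010304008000"),
    "name only": bytes.fromhex("3010020101600b0201030404636e3d618000"),
    "password only": bytes.fromhex("300e0201016009020103040080027077"),
    "both set": bytes.fromhex("3012020101600d0201030404636e3d6180027077"),
}
```
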