[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: When to not deref aliases

To: "'Salter, Thomas A'" <Thomas.Salter@unisys.com>, "Volpers, Helmut" <helmut.volpers@icn.siemens.de>
Subject: RE: When to not deref aliases
From: "Volpers, Helmut" <helmut.volpers@icn.siemens.de>
Date: Thu, 18 Jan 2001 15:45:34 +0100
Cc: ietf-ldapbis@OpenLDAP.org


> -----Original Message-----
> From: Salter, Thomas A [mailto:Thomas.Salter@unisys.com]
> Sent: Donnerstag, 18. Januar 2001 15:20
> To: Volpers, Helmut
> Cc: ietf-ldapbis@OpenLDAP.org
> Subject: RE: When to not deref aliases
> 
> 
>  > -----Original Message-----
>  > From: Volpers, Helmut [mailto:helmut.volpers@icn.siemens.de]
>  > Sent: Thursday, January 18, 2001 9:13 AM
>  > To: 'Kurt D. Zeilenga'; Jim Sermersheim
>  > Cc: ietf-ldapbis@OpenLDAP.org; Thomas.Salter@unisys.com
>  > Subject: RE: When to not deref aliases
>  >
> 	... 
>  > 
>  > I think X.500 is here a little bit stronger it explicitly
>  > disallow the dereferencing in a Simple Bind. 
>  > Dereferencing should not be the expected behavior.
>  > 
>  > Helmut
>  > > 
>  >
> 
> How did you arrive at the conclusion that X.500 disallows 
> dereferencing?  I
> was convinced by X.509 that dereferencing is required 
> (because Bind should
> use Compare to access the entry).

1. argument:

In X.511

If simple is used, it consists of a name (always the distinguished name of
an object), an optional validity, and an optional password. This provides a
limited degree of security. 

(I interpret this "the distinguished name" that it can only be one for one
object)

2. argument

You have to "common arguments" or extensions for a simple bind where you
have the
possibility to say the server "dereference" or "don't dereference" and I
don't believe
that this functionality have a default to "dereference" and it could not be
changed.

Helmut   
>

Prev by Date: RE: When to not deref aliases
Next by Date: RE: AttributeTypeValue and binary
Index(es):
- Chronological
- Thread