[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: When to not deref aliases
> -----Original Message-----
> From: Salter, Thomas A [mailto:Thomas.Salter@unisys.com]
> Sent: Donnerstag, 18. Januar 2001 15:20
> To: Volpers, Helmut
> Cc: ietf-ldapbis@OpenLDAP.org
> Subject: RE: When to not deref aliases
>
>
> > -----Original Message-----
> > From: Volpers, Helmut [mailto:helmut.volpers@icn.siemens.de]
> > Sent: Thursday, January 18, 2001 9:13 AM
> > To: 'Kurt D. Zeilenga'; Jim Sermersheim
> > Cc: ietf-ldapbis@OpenLDAP.org; Thomas.Salter@unisys.com
> > Subject: RE: When to not deref aliases
> >
> ...
> >
> > I think X.500 is here a little bit stronger it explicitly
> > disallow the dereferencing in a Simple Bind.
> > Dereferencing should not be the expected behavior.
> >
> > Helmut
> > >
> >
>
> How did you arrive at the conclusion that X.500 disallows
> dereferencing? I
> was convinced by X.509 that dereferencing is required
> (because Bind should
> use Compare to access the entry).
1. argument:
In X.511
If simple is used, it consists of a name (always the distinguished name of
an object), an optional validity, and an optional password. This provides a
limited degree of security.
(I interpret this "the distinguished name" that it can only be one for one
object)
2. argument
You have to "common arguments" or extensions for a simple bind where you
have the
possibility to say the server "dereference" or "don't dereference" and I
don't believe
that this functionality have a default to "dereference" and it could not be
changed.
Helmut
>