Yes, people do use it that way... I am not saying this is a great LDAP feature from a security point of view though.Disallowing them completely may break some current client and server implementations. I remember some people (maybe Mark Smith) from Netscape saying that they use the mechanism as some way of voluntary auditing or some such.
That sounds OK although I'll have to see the exact proposal.I prefer the compromise solution brought up in yesterday's meeting where part of the note is moved into the main body of the document with a pointer to the security considerations which contains the reasons why.