
Re: invalid Credentials v/s Inappropriate authentication



At 03:24 AM 6/19/00 -0600, Vithalprasad Gaitonde wrote:
>Hi,
>My query pertains to the result code being returned by the LDAP server during user authentication.
>In which cases should the LDAP server return invalid credentials and when does it return Inappropriate authentication?

It should return invalid credentials when the provided credentials are unverifiable.

>For e.g., if I create a user thru LDIF w/o a password attribute, the password attribute of this user will be NULL. Now when I try to log in as this user with a non-NULL password, should the server return invalid credentials or Inappropriate authentication?

InvalidCredentials.

>Where do we draw the line between these two result codes?

RFC 2251, 4.2.2:
   - inappropriateAuthentication: the server requires the client
     which had attempted to bind anonymously or without supplying
     credentials to provide some form of credentials,

That is, inappropriateAuthentication should be returned when the server requires
the client to provide credentials and it doesn't; invalid credentials should
be returned when the provided credentials are invalid.

Kurt
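
The rule from the reply above, written out as server-side decision logic. This is an added example, not part of the original message and not code from any LDAP server; the `simple_bind` function, its `require_auth` flag, the SHA-256 stand-in for a password scheme and the sample directory are all assumptions made for illustration.

```python
import hashlib
import hmac
from enum import IntEnum


class ResultCode(IntEnum):
    # Numeric values from the LDAPResult resultCode enumeration in RFC 2251.
    SUCCESS = 0
    INAPPROPRIATE_AUTHENTICATION = 48
    INVALID_CREDENTIALS = 49


def _digest(password: bytes) -> bytes:
    # Stand-in for the server's real password storage scheme (assumption).
    return hashlib.sha256(password).digest()


# Constructed sample directory: "nopw" was loaded from LDIF without userPassword.
DIRECTORY = {
    "cn=alice,dc=example,dc=com": {"userPassword": _digest(b"s3cret")},
    "cn=nopw,dc=example,dc=com": {},
}


def simple_bind(dn: str, password: bytes, require_auth: bool = True) -> ResultCode:
    """Pick the result code for a simple bind, following the rule in the reply."""
    # No credentials supplied: anonymous bind, or a DN with an empty password.
    if not dn or not password:
        if require_auth:
            return ResultCode.INAPPROPRIATE_AUTHENTICATION
        return ResultCode.SUCCESS  # treated as an anonymous bind (assumption)

    # Credentials were supplied, so every failure below is invalidCredentials.
    entry = DIRECTORY.get(dn)
    stored = entry.get("userPassword") if entry else None
    if stored is None:
        # Entry has no password attribute (or, in this sketch, does not exist):
        # the supplied credentials cannot be verified.
        return ResultCode.INVALID_CREDENTIALS

    # Constant-time comparison avoids leaking how much of the digest matched.
    if hmac.compare_digest(stored, _digest(password)):
        return ResultCode.SUCCESS
    return ResultCode.INVALID_CREDENTIALS
```

The case asked about in the thread is `simple_bind("cn=nopw,dc=example,dc=com", b"guess")`, which yields invalidCredentials because a password was supplied but there is nothing to verify it against.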