Re: java api bind() methods

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 04:40 PM 4/4/01 -0700, Rob Weltman wrote:
>"Kurt D. Zeilenga" wrote:
>> 
>> Okay... so the confusion I had must have been this language:
>> 
>>       dn              If non-null and non-empty, specifies that the
>>                       connection and all operations through it should
>>                       be authenticated with dn as the distinguished
>>                       name.
>> 
>> Shouldn't this just be:
>> 
>>         dn              The distinguished name to use as the bind name.
>> 
>> as clearly in your example it's the callback which is providing
>> the authentication identity.
>
>
>  Your formulation is fine with me, if it is more clear than what is in the draft.

My only concern would be to ensure that the API is not doing
else with this name, such as providing it to the SASL layer
as either an authentication or authorization identity, which
would cause the example code you provided not to behave as
intended.

Hence, I would suggest:

        dn              The distinguished name to use as the bind name.
                        This value is not used as either a SASL
                        authentication nor authorization identity.
                        The application provides these identities
                        via other facilities.

Detailing these facilities, of course, would be quite appropriate.