
createSaslClient by the Java LDAP API



The Java LDAP API appears to be responsible for
calling the createSaslClient() method of the Sasl class,
which requires as a parameter:

      authorizationID The possibly null protocol-dependent 
                     identification to be used for authorization, e.g. 
                     user name or distinguished name. When the SASL 
                     authentication completes successfully, the entity 
                     named by authorizationId is granted access. If 
                     null, access is granted to a protocol-dependent 
                     default (for example, in LDAP this is the DN in 
                     the bind request)

How does an application using the Java LDAP API
specify the authorizationID it desires?


Also, it appears the SASL API property:
	Sasl.POLICY_NOPLAINTEXT

defaults to false.  There should be an LDAP API requirement that
if the application-provided properties do not include
an explicit Sasl.POLICY_NOPLAINTEXT setting, the LDAP API
MUST set this property to true.   Also,
QOP ("javax.security.sasl.qop") defaults to 'auth'
and not 'auth-conf'.  And STRENGTH ("javax.security.sasl.strength")
defaults to "high,medium,low".  These and other properties
should be carefully examined to be sure the LDAP API defaults
them consistently with the LDAP SASL "profile" (RFC2251/2829).
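
Added example, not part of the original message and not code from the Java LDAP API: a direct call to Sasl.createSaslClient() showing where the authorizationId argument goes and how a wrapping layer could default Sasl.POLICY_NOPLAINTEXT to "true" only when the application left it unset. The class name, the helper withLdapDefaults(), the DNs, host name and password are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class LdapSaslDefaults {
    // Hypothetical helper for an LDAP API layer: copy the application's
    // properties and fill in only what the application left unset.
    static Map<String, Object> withLdapDefaults(Map<String, ?> appProps) {
        Map<String, Object> props = new HashMap<>();
        if (appProps != null) props.putAll(appProps);
        // The SASL API treats a missing POLICY_NOPLAINTEXT as "false".
        props.putIfAbsent(Sasl.POLICY_NOPLAINTEXT, "true");
        return props;
    }

    static String describe(SaslClient c) {
        return c == null ? "no acceptable mechanism" : c.getMechanismName();
    }

    public static void main(String[] args) throws SaslException {
        // Constructed credentials and names, for illustration only.
        CallbackHandler cbh = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback)
                    ((NameCallback) cb).setName("cn=demo,dc=example,dc=com");
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword("constructed".toCharArray());
            }
        };
        String[] mechs = { "PLAIN" };
        String authzId = "dn:cn=other,dc=example,dc=com"; // authorizationId argument
        Map<String, Object> appProps = new HashMap<>();     // application set nothing

        SaslClient asIs = Sasl.createSaslClient(
                mechs, authzId, "ldap", "ldap.example.com", appProps, cbh);
        SaslClient defaulted = Sasl.createSaslClient(
                mechs, authzId, "ldap", "ldap.example.com", withLdapDefaults(appProps), cbh);

        System.out.println("SASL API defaults:  " + describe(asIs));
        System.out.println("LDAP-layer default: " + describe(defaulted));
    }
}
```

Sasl.createSaslClient() returns null when none of the requested mechanisms satisfies the supplied policy properties, so the two printed lines show whether the defaulted property changed mechanism selection.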