Re: createSaslClient by the Java LDAP API

[Rob Weltman <robw@coscend.com>]

"Kurt D. Zeilenga" wrote:
> 
> At 08:11 PM 4/4/01 -0700, Rob Weltman wrote:
> >"Kurt D. Zeilenga" wrote:
> >>
> >> The Java LDAP API appears to be responsible for
> >> calling createSaslClient() method of the Sasl class
> >> which requires as a parameter:
> >>
> >>       authorizationID The possibly null protocol-dependent
> >>                      identification to be used for authorization, e.g.
> >>                      user name or distinguished name. When the SASL
> >>                      authentication completes successfully, the entity
> >>                      named by authorizationId is granted access. If
> >>                      null, access is granted to a protocol-dependent
> >>                      default (for example, in LDAP this is the DN in
> >>                      the bind request)
> >>
> I would suggest the addition of a separate argument to the
> SASL bind() methods:
>         authzId         If not null nor empty, an LDAP authzId (RFC2829).
>                         This parameter SHOULD be passed to the SASL layer
>                         unmodified.

  That would cause ambiguity if both a DN and an authzId were supplied.

Rob