Re: createSaslClient by the Java LDAP API
At 08:06 AM 4/5/01 -0700, Rob Weltman wrote:
>"Kurt D. Zeilenga" wrote:
>>
>> At 08:11 PM 4/4/01 -0700, Rob Weltman wrote:
>> >"Kurt D. Zeilenga" wrote:
>> >>
>> >> The Java LDAP API appears to be responsible for
>> >> calling createSaslClient() method of the Sasl class
>> >> which requires as a parameter:
>> >>
>> >> authorizationID The possibly null protocol-dependent
>> >> identification to be used for authorization, e.g.
>> >> user name or distinguished name. When the SASL
>> >> authentication completes successfully, the entity
>> >> named by authorizationId is granted access. If
>> >> null, access is granted to a protocol-dependent
>> >> default (for example, in LDAP this is the DN in
>> >> the bind request)
>> >>
>> I would suggest the addition of a separate argument to the
>> SASL bind() methods:
>> authzId If not null nor empty, an LDAP authzId (RFC2829).
>> This parameter SHOULD be passed to the SASL layer
>> unmodified.
>
> That would cause ambiguity if both a DN and an authzId were supplied.
The dn parameter is the bind name, the authzId parameter is the
SASL authorization identity. That's a one-to-one API parameter
to protocol element relationship; I see no ambiguity.
Kurt
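
The parameter separation discussed in this thread, as an added example that is not part of the original messages or of the Java LDAP API draft: it uses the JDK's javax.security.sasl package and its built-in PLAIN mechanism (an assumption, chosen because its initial response carries the authorization identity in readable form) to show that the authzId given to createSaslClient() reaches the wire unmodified and separate from the authentication identity. The class name, identities, password and host name are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;

public class AuthzIdDemo {
    // Constructed sample credentials (assumptions, not from the thread).
    static final String AUTHC_ID = "kurt";
    static final char[] PASSWORD = "secret".toCharArray();

    // Supplies only the authentication identity and password.
    // The authorization identity never passes through the callbacks.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(AUTHC_ID);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(PASSWORD);
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };

    // Builds the PLAIN initial response: [authzid] NUL authcid NUL password.
    static byte[] initialResponse(String authzId) throws Exception {
        SaslClient client = Sasl.createSaslClient(
                new String[] {"PLAIN"}, authzId, "ldap", "ldap.example.com", null, HANDLER);
        try {
            return client.evaluateChallenge(new byte[0]);
        } finally {
            client.dispose();
        }
    }

    static String show(byte[] msg) {
        return new String(msg, StandardCharsets.UTF_8).replace("\0", "<NUL>");
    }

    public static void main(String[] args) throws Exception {
        // RFC 2829 authzId forms ("dn:" and "u:"), passed through unmodified.
        System.out.println(show(initialResponse("dn:uid=admin,dc=example,dc=com")));
        System.out.println(show(initialResponse("u:admin")));
        // null authzId: the field is left empty and the server applies its default.
        System.out.println(show(initialResponse(null)));
    }
}
```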