[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI interoperabity with ActiveDirectory (ITS#884)

Hi Kurt,
> >OpenLDAP
> >expects serverSaslCreds to be absent since this field is optional. My patch
> >checks
> >if there really is some data in the last serverSaslCreds and only aborts then.
> Please note that the presence of an empty OPTIONAL field is not
> semantically the same as the absence of the field.

But is it wrong of AD to send empty serverSaslCreds along with SUCCESS,
ie. why should OpenLDAP fail on receiving such a BindResponse?

Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
Wächterstr. 76, 72074 Tübingen              http://www.directory.dfn.de
Germany                             norbert.klasen@zdv.uni-tuebingen.de