Re: SSL certificate auth without SASL (ITS#3286)

donn@u.washington.edu wrote:

>Full_Name: Donn Cave
>Version: HEAD (Aug 17)
>OS: n/a
>URL: http://staff.washington.edu/donn/donn-cave-040817.ext
>Submission from: (NULL) (
>Allow simple bind with no password, bind DN == SSL certificate DN.

I had a patch for this 'way back in OpenLDAP 2.0 but I abandoned it.
There is no standard specification (e.g. RFC) for this behavior, and we 
really need to have that before a feature like this can be incorporated. 
Why can't you just use SASL/EXTERNAL? Alternatively, you can publish an 
RFC defining exactly how this feature should be (a) advertised by 
servers to clients and (b) used.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support