[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5195) ssf not available during sasl bind

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5195) ssf not available during sasl bind
From: quanah@zimbra.com
Date: Mon, 29 Oct 2007 17:22:12 GMT

--On Monday, October 29, 2007 5:08 PM +0000 h.b.furuseth@usit.uio.no wrote:

> Also, repeating an old point, remember that the "security" keyword
> produces better error messages ("Confidentiality required") than
> "access ... ssf=..." ("Insufficient access" for updates, "Invalid
> credentials" for Bind).  With the latter, the user likely thinks
> he mistyped the password and sends it again unencrypted.

The problem with the security directive that the user ran into, however, I 
don't see a way to get around.  Which is there is no "OR" support.  I.e., 
you can't say, I want the user to have a TLS of 128 OR SASL SSF of 128.  If 
you specify both, both are required.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#5195) ssf not available during sasl bind
Next by Date: Re: (ITS#5195) ssf not available during sasl bind
Index(es):
- Chronological
- Thread