
Re: (ITS#6839) Expanded documentation for ldapi: and SASL EXTERNAL




On Fri, Feb 18, 2011 at 02:56:16PM -0800, Howard Chu wrote:

> re: TLS Authentication Identity Format
> 
> Strictly speaking, the order of components is not changed at all.
> The sequence of RDNs in the DN is what it is; just that the
> convention for *displaying* it is ass-backwards in LDAP. I'm afraid
> the wording here will confuse people into thinking that the
> *semantics* of the DN are changed, when it's only a display issue.

Good point. Updated wording attached.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Content-Disposition: attachment; filename="sasl-x509-dn-doc.patch"

--- sasl.sdf.head	2011-02-18 23:03:07.000000000 +0000
+++ sasl.sdf	2011-02-22 14:30:25.947887979 +0000
@@ -1,4 +1,4 @@
-# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.51 2011/02/18 23:03:07 hyc Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.12 2011/01/04 23:49:40 kurt Exp $
 # Copyright 1999-2011 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
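Review bot: The `$OpenLDAP$` ident line in this first hunk should not be part of the patch. It moves the keyword from revision 1.51 (2011/02/18, hyc) back to 1.34.2.12 (2011/01/04, kurt), which, together with the `sasl.sdf.head` and `sasl.sdf` file names, suggests the diff was taken between two differently checked-out copies rather than against a single base. Drop this hunk, or regenerate the diff against the 1.51 file so only the wording change remains and the keyword is left for the version control system to expand.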
@@ -302,9 +302,9 @@
 
 H4: TLS Authentication Identity Format
 
-This is usually the Subject DN from the client-side certificate.
-The order of the components will be changed to follow LDAP conventions,
-so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
+This is the Subject DN from the client-side certificate.
+Note that DNs are displayed differently by LDAP and by X.509, so
+a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
 will produce an authentication identity of:
 
 > cn=A Person,o=The Example Organisation,c=gb
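Review bot: The replacement sentence "DNs are displayed differently by LDAP and by X.509" does not say what the difference is or that the RDN sequence itself is unchanged, which was the point raised in the quoted reply; a reader has to infer it from the example. Consider stating it directly, for instance that the string form used by LDAP lists the RDNs in the reverse order of the usual X.509 display while the DN itself is the same. The change from "This is usually the Subject DN" to "This is the Subject DN" also makes the statement unconditional; if that is intended it deserves a mention in the change description, otherwise keep "usually".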
