
Re: (ITS#7342) Password modify EXOP requires a DN

I filed it in response to a posting I saw on AFP548 regarding OS X.  Some users have patched OpenLDAP to work around the issue.  

Though your statement is true, many SASL methods do not use DNs either.  I do not see why it is not allowed for passwordModify in the same way.  If it behaves as designed then feel free to close.

Thank you,
Eric Clements

On Aug 1, 2012, at 2:26 PM, Howard Chu <hyc@symas.com> wrote:

> eclements@apple.com wrote:
>> Full_Name: Eric Clements
>> Version: 2.4.26
>> OS: MacOS
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (
>> RFC 3062 Section 2.1 (authored by OpenLDAP) states that a password modify
>> request may or may not be an LDAP DN, yet OpenLDAP backend requires a DN.
> I'm not sure I understand why you've filed this ITS. The RFC doesn't specify
> that a server MUST support non-DN valued identities. It in fact says in Section 3:
>   If the server does not recognize provided fields or does not support
>   the combination of fields provided, it SHALL NOT change the user
>   password.
> Clearly it is allowed for a server to reject identities if it doesn't
> recognize them.
> -- 
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/