
Re: (ITS#7342) Password modify EXOP requires a DN



I filed it in response to a posting I saw on AFP548 regarding OS X.  Some users have patched OpenLDAP to work around the issue.  

Though your statement is true, many SASL methods do not use DNs either.  I do not see why it is not allowed for passwordModify in the same way.  If it behaves as designed then feel free to close.

Thank you,
---------------------------
Eric Clements

On Aug 1, 2012, at 2:26 PM, Howard Chu <hyc@symas.com> wrote:

> eclements@apple.com wrote:
>> Full_Name: Eric Clements
>> Version: 2.4.26
>> OS: MacOS
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (17.193.15.131)
>> 
>> 
>> RFC 3062 Section 2.1 (authored by OpenLDAP) states that a password modify
>> request may or may not be an LDAP DN, yet OpenLDAP backend requires a DN.
> 
> I'm not sure I understand why you've filed this ITS. The RFC doesn't specify
> that a server MUST support non-DN valued identities. It in fact says in Section 3:
> 
>   If the server does not recognize provided fields or does not support
>   the combination of fields provided, it SHALL NOT change the user
>   password.
> 
> Clearly it is allowed for a server to reject identities if it doesn't
> recognize them.
> 
> -- 
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/
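
The request value under discussion, as an added example that is not part of the thread and not OpenLDAP code: RFC 3062 carries `userIdentity` as a plain OCTET STRING, so a DN and a short name are both well-formed on the wire, and accepting or refusing the identity is a server-side decision. `DIRECTORY` and `may_change` are hypothetical names, and the exact byte match stands in for real DN matching.

```python
# RFC 3062 PasswdModifyRequestValue ::= SEQUENCE {
#   userIdentity [0] OCTET STRING OPTIONAL,
#   oldPasswd    [1] OCTET STRING OPTIONAL,
#   newPasswd    [2] OCTET STRING OPTIONAL }
FIELDS = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}

def _len(n):
    """BER definite length, short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode(user_identity=None, old=None, new=None):
    body = b"".join(bytes([t]) + _len(len(v)) + v
                    for t, v in zip(FIELDS, (user_identity, old, new)) if v is not None)
    return b"\x30" + _len(len(body)) + body

def _read_len(buf, i):
    if i >= len(buf):
        raise ValueError("truncated length")
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("bad length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def decode(buf):
    if not buf or buf[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    total, i = _read_len(buf, 1)
    if i + total != len(buf):
        raise ValueError("length mismatch")
    fields, last = {}, -1
    while i < len(buf):
        tag = buf[i]
        if tag not in FIELDS or tag <= last:   # unknown, repeated or out of order
            raise ValueError("unexpected field")
        n, i = _read_len(buf, i + 1)
        if i + n > len(buf):
            raise ValueError("truncated value")
        fields[FIELDS[tag]], i, last = buf[i:i + n], i + n, tag
    return fields

DIRECTORY = {b"uid=jdoe,ou=people,dc=example,dc=com"}  # constructed sample entry

def may_change(buf, bound_dn):
    """DN-only policy (exact match, simplified): unrecognized identity -> no change."""
    return decode(buf).get("userIdentity", bound_dn) in DIRECTORY
```

When `userIdentity` is omitted the request applies to the identity bound to the session, which is why `may_change` falls back to `bound_dn`.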