
Re: LDAPS (LDAP over SSL) client authentication



Luke Howard wrote:
> 
> What about doing a SASL bind with a mechanism other than EXTERNAL, over SSL?
> Can I use that to set an alternate authorization identity too?

Yes, at least in Netscape Directory Server.  Any Bind (except for
a few special cases) sets the subsequent authorization identity,
regardless of what happened during SSL session negotiation.

There are some relevant Internet Drafts:
<draft-ietf-ldapext-ldapv3-tls-02.txt> section 6
<draft-ietf-ldapext-authmeth-02.txt>
I tried to conform to these (actually previous versions of them)
when implementing LDAPS for Netscape.