
Re: LDAPBINDDN & LDAPBINDPW



"Kurt D. Zeilenga" wrote:
> 
> At 04:09 PM 3/13/00 +0100, Lars Uffmann wrote:
> >I was always wondering why the ldap.conf(5) mechanism left out
> >BINDDN (-D) and BINDPW (-w) options.
> 
> The initial ldap.conf implementation was designed to support
> "shared" parameters.  We're extending this to support "user"
> parameters as well.  In particular, latest devel codes support
> BINDDN.  However BINDPW is purposely not supported per the

Would you mind backporting BINDDN to 1.2.X?

> latest IETF LDAP C API draft, Security Considerations:
> 
>         Implementations of this API SHOULD be cautious when handling
>         authentication credentials.  In particular, keeping long-lived
>         copies of credentials without the application's knowledge
>         is discouraged.
> 
> >Please let me know what you all think about it and if it's worth
> >including in the next release.
> 
> The key phrase is "without the application's knowledge".  Our
> current approach is to make applications responsible for maintaining
> such copies (presumably with the knowledge of the user).

In the meantime, if the IETF LDAP C API draft says 'discouraged', could
the BINDPW feature be implemented inside the ldap client tools only?
I would prefer using the environment only (LDAPBINDPW), so I could always
override with -w or -W.

-- 
Lars Uffmann, <lars.uffmann@mediaways.net>, fon: +49 5241 80 40330