Re: LDAPBINDDN & LDAPBINDPW
"Kurt D. Zeilenga" wrote:
>
> At 04:09 PM 3/13/00 +0100, Lars Uffmann wrote:
> >I was always wondering why the ldap.conf(5) mechanism left out
> >BINDDN (-D) and BINDPW (-w) options.
>
> The initial ldap.conf implementation was designed to support
> "shared" parameters. We're extending this to support "user"
> parameters as well. In particular, the latest devel code supports
> BINDDN. However BINDPW is purposely not supported per the
Would you mind backporting BINDDN to 1.2.X?
> latest IETF LDAP C API draft, Security Considerations:
>
> Implementations of this API SHOULD be cautious when handling
> authentication credentials. In particular, keeping long-lived
> copies of credentials without the application's knowledge
> is discouraged.
>
> >Please let me know what you all think about it and if it's worth
> >including in the next release.
>
> The key phrase is "without the application's knowledge". Our
> current approach is to make applications responsible for maintaining
> such copies (presumably with the knowledge of the user).
In the meantime, if the IETF LDAP C API draft says 'discouraged', could
the BINDPW feature be implemented inside the ldap client tools only?
I would prefer using the environment only (LDAPBINDPW), so I could always
override with -w or -W.
--
Lars Uffmann, <lars.uffmann@mediaways.net>, fon: +49 5241 80 40330