Re: Proposal for SASL authorization
Looks good. I have one minor suggestion.
I suggest the general form (should be normalized*):
uid=<ID> [+ ou=<REALM>], cn=<MECH>, <ROOT>
where <ID> is the associated userID, <REALM> is the realm
(may not be present for some mechanisms), <MECH> is the
mechanism used, and <ROOT> is provided by a configuration
directive (default: CN=AUTHZ).
Having <ROOT> ensures that these DNs are not within
a database (which might have odd side effects). And
the remainder is due to the fact that user/realms are mech
specific. Realm is optional as some mechs don't support
realms. Also, I changed attribute types to avoid having
to define new ones (because these DNs might get exposed).
So, your DN would be:
mine might be:
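
The DN form proposed in the message above, as an added example that is not part of the original message: a Python helper that assembles uid=<ID>[+ou=<REALM>],cn=<MECH>,<ROOT> and escapes each value so that a user ID or realm containing DN metacharacters cannot introduce extra RDN components. The function names, the RFC 4514 escaping, the upper-casing of the mechanism name and the sample values are assumptions; the message specifies none of them.

```python
# Added example (not from the original message).
# Builds: uid=<ID>[+ou=<REALM>],cn=<MECH>,<ROOT>
# Optional spaces around separators are omitted in the output.

# Characters RFC 4514 requires to be escaped anywhere in a value.
SPECIALS = '"+,;<>\\'


def escape_value(value: str) -> str:
    """Escape an attribute value for use in a DN string (RFC 4514 rules)."""
    if not value:
        raise ValueError("empty attribute value")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            # Leading space or '#', and trailing space, must be escaped.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def authz_dn(user_id, mech, realm=None, root="CN=AUTHZ"):
    """Return the authorization DN for a SASL identity.

    root is the configured <ROOT>; the default is the one the message gives.
    The mechanism name is upper-cased (assumed normalization).
    """
    rdn = "uid=" + escape_value(user_id)
    if realm:  # realm is optional: some mechanisms have none
        rdn += "+ou=" + escape_value(realm)
    return ",".join([rdn, "cn=" + escape_value(mech.upper()), root])


if __name__ == "__main__":
    # Constructed sample identities.
    print(authz_dn("alice", "digest-md5", realm="example.com"))
    print(authz_dn("bob", "PLAIN"))
    # Metacharacters in the ID stay inside the uid value after escaping.
    print(authz_dn("a,b+c", "PLAIN"))
```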