[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: FW: Storing SASL secrets in the directory



On Fri, Jul 12, 2002 at 01:35:31PM -0700, Howard Chu wrote:
> 
> And, none of the in-directory SASL code is doing ACL checks anywhere. For
> sasl_auxprop,
> do we just want to check ACL_AUTH on everything we lookup? The code that
> currently uses backend_attribute will have to be rewritten to do an internal
> search, since the actual entry is needed for access_allowed().

That makes sense to me. It would have the added benefit that the
search performed as part of the ID mapping would show up in the logs,
thus making it easier to debug config problems.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |
-----------------------------------------------------------------------