[Date Prev][Date Next]
RE: proxyAuth for bind (Was: Can I bind to server with DN not on server ?)
> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> One of the problems using the proxyAuthz control in chaining
> (between servers) is that it interferes with clients own use
> of the control between the client and the directory.
> In hallway discussions at IETF#58, we concluded that LDAP
> really needs to have a "chaining" operation which would wrap
> the client request when it was chained to another server (much
> like in X.500). This would provide a clear separation between
> client's desires and chaining server's desires.
Sounds like time to dust off a copy of X.518 and read thru the Distributed
Authentication model... It seems a "ChainingArguments" control to accompany
any other operation would be more appropriate than a new operation.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support