
Re: saslAuthz{To|From}



Kurt D. Zeilenga wrote:
> At 07:58 AM 12/13/2003, Randall S. Winchester wrote:
>> My comment would be that for a multi-domain site, a uid can include a
>> FQDN, like u:jane@janedoe.com.
>
> Which is precisely why using @ as a realm separator is a bad idea.
> We need to support the userid "jane@janedoe.com" existing in multiple
> realms.


Yes.  I'm going to fix the slap_sasl_getdn() code as well,
and we need to figure out a syntax to specify realm (and
possibly mechanism) in "u:<user>" form.  What about:

"u.realm;mech:<user>"

with

"u.realm:<user>"

"u;mech:<user>"

in case either is absent?

The syntax would be

"u[.realm][;mech]:<user>"

In this case we don't need to mind about
realm allowing dots "." because only
a semicolon ";" or a colon ":" would terminate it.

Ando.


-- Dr. Pierangelo Masarati mailto:pierangelo.masarati@sys-net.it LDAP Architect, SysNet s.n.c. http://www.sys-net.it
+----------------------------------------------------------------------------+
|   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497    |
+----------------------------------------------------------------------------+
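
An added example, not part of the original message and not OpenLDAP's slap_sasl_getdn() code: a parser for the proposed "u[.realm][;mech]:<user>" form, showing that a realm with dots and a user with "@" stay unambiguous because only ";" or ":" end the realm. The names parse_authz_id and struct authz_id are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Fields point into the caller's string; a length of 0 means "absent". */
struct authz_id {
    const char *realm, *mech, *user;
    size_t realm_len, mech_len, user_len;
};

/* Parse "u[.realm][;mech]:<user>". Returns 0 on success, -1 if malformed. */
int parse_authz_id(const char *s, struct authz_id *out)
{
    const char *p, *colon, *semi, *end;

    memset(out, 0, sizeof(*out));
    if (s == NULL || s[0] != 'u') return -1;
    p = s + 1;
    colon = strchr(p, ':');              /* first ':' ends the prefix */
    if (colon == NULL || colon[1] == '\0') return -1;  /* no ':' or no user */
    semi = memchr(p, ';', (size_t)(colon - p));
    if (*p == '.') {                     /* realm runs to ';' or ':' */
        end = semi ? semi : colon;
        out->realm = p + 1;
        out->realm_len = (size_t)(end - out->realm);
        if (out->realm_len == 0) return -1;
        p = end;
    }
    if (*p == ';') {                     /* mech runs to ':' */
        out->mech = p + 1;
        out->mech_len = (size_t)(colon - out->mech);
        if (out->mech_len == 0) return -1;
        p = colon;
    }
    if (p != colon) return -1;           /* e.g. "uid:jane" is not this form */
    out->user = colon + 1;               /* '@' and any later ':' stay in user */
    out->user_len = strlen(out->user);
    return 0;
}

int main(void)
{
    struct authz_id a;
    /* Constructed sample input. */
    if (parse_authz_id("u.example.com;DIGEST-MD5:jane@janedoe.com", &a) == 0)
        printf("realm=%.*s mech=%.*s user=%s\n", (int)a.realm_len, a.realm,
               (int)a.mech_len, a.mech, a.user);
    return 0;
}
```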