[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/doc/man/man5 slapd-ldap.5

Some suggestions...

Start TLS?
SASL Bind (for both bind and proxy authcid)
  with authzid assertion (at SASL Bind time) for both

idassert-mode <dn> should likely be idassert-mode <authzid>.
That is, either dn:uid=foo,dc=example,dc=com or u:foo should be

I think modes are confusing.  I suggest:
        none - no proxy authz control
        user (or self) - proxy authz control with client's authz
        anonymous - anonymous proxy authz control
                (same as <authz> with "")
        <authz> - as specified

(I don't see what your fifth choice is for.)


At 02:35 PM 5/13/2004, ando@OpenLDAP.org wrote:
>Update of /repo/OpenLDAP/pkg/ldap/doc/man/man5
>Modified Files:
>        slapd-ldap.5  1.15 -> 1.16
>Log Message:
>document proxyauthz{dn|pw} and idassert-*
>CVS Web URLs:
>  http://www.openldap.org/devel/cvsweb.cgi/doc/man/man5/
>    http://www.openldap.org/devel/cvsweb.cgi/doc/man/man5/slapd-ldap.5
>Changes are generally available on cvs.openldap.org (and CVSweb)
>within 30 minutes of being committed.