[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd/back-ldap back-ldap.h bind.c

At 12:09 PM 6/19/2004, Pierangelo Masarati wrote:

>> At 09:18 AM 6/19/2004, ando@OpenLDAP.org wrote:
>>>Log Message:
>>>allow a hidden parameter to instruct the proxy that the SASL mech can do
>>> native authz; will disappear as soon as I can detect it automnatically
>> Hmmm... I don't think slapd(8) should be coded with this
>> kind of knowledge.  If the user configures back-ldap
>> to use SASL proxy authorization, the user should configure
>> back-ldap to use a SASL mechanism which supports
>> proxy authorization.  If the user fails to do this, that's
>> his problem.
>Well, currently the code can do proxy authorization in two ways:
>1) by adding a proxyAuthz control to all operations
>2) by using the native SASL authorization at SASL bind

I'd prefer this be a configuration choice, instead of
requiring slapd to know particulars of SASL mechanisms.