
Re: proxyAuthz value encoding

Pierangelo Masarati wrote:
We have a proxyOld.c module that we bundle with Connexitor that handles
part of the problem. It dynamically adds a new control handler that
recognizes the obsolete OID and parses its values, then does the usual
slap_sasl_authorized validation. I don't think supporting this obsolete
spec in the mainline code is a good idea.

My problem is different: I don't care about supporting it at control __decoding__; I need to support it at control __encoding__, when requesting proxyAuthz inside back-ldap. This wouldn't be mainstream at all, IMHO.


Right, as I said, that only handled part of the problem, but it was sufficient for allowing back-ldap to pass through an old-style control to a remote SunOne server. I can see that you would need to add config support etc. for generating this control internally in back-ldap. It still seems dodgy to me; Sun ought to have updated their servers to support the newer spec ages ago. The version of the draft that they support is over 5 years old; it's bordering on LDAPv2 Historical territory.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/