Re: SASL_MECH and useronly

>Note that users can tell the library to use an
>alternative ldap.conf(5) file, and hence go around
>any 'policy' the administrator tries to enforce using
>ldap.conf(5).  The administrator should use more
>appropriate means for enforcing such policy, such
>as properly configuring their server to support
>the particular set of allowed mechanisms.  (Administrators

Sure, easy with Cyrus SASL, hard with Active Directory,
although I am looking into it as it will be a lot easier
to deploy.

>The intent was for ldap.conf(5) to provide default
>values for command line arguments.  These defaults
>were only to be used when the user of the tool did
>not provide a value via the command line.  That is,
>the user should always be able to specify the
>desired behavior explicitly on the command line
>such that any and all default values are ignored.

This should still work though, even with ldap.conf(5)
specifying SASL_MECH.

-- Luke