[Date Prev][Date Next]
Re: SASL EXTERNAL with TLS Authentication
Karsten Künne wrote:
On Thursday 14 March 2002 12:40, Michael Ströder wrote:
| Karsten Künne wrote:
| > member: uid=/C=US/ST=New York/L=East Setauket/O=Renaissance Technologies
| > Corp.
| > /CN=Karsten Kuenne/Emailemail@example.com
| This violates the schema (besides other caveats with DIT etc.):
| attributetype ( 220.127.116.11 NAME 'member' SUP distinguishedName )
I know, but what do you do in 2.0.23 without saslregexp support? At least
Openldap accepts it (and other invalid constructions for the member attribute
It violates the schema and therefore will cause nothing than grief with e.g.
other LDAP admin software.
The second thing is that this string representation (or at least the OpenSSL
implementation) does not care about escaping special chars not to speak of
string normalization for international chars. Basically it's a hack. That's
why there is an explicit RFC2253 compliant string output of DNs in OpenSSL
> which are also not really valid dn's like "member:
You mean uid=kuenne+realm=RENTEC.COM ? What's wrong with that?