[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL EXTERNAL with TLS Authentication

Karsten Künne wrote:
On Thursday 14 March 2002 12:40, Michael Ströder wrote:
| Karsten Künne wrote:
|  > member: uid=/C=US/ST=New York/L=East Setauket/O=Renaissance Technologies
|  > Corp.
|  >  /CN=Karsten Kuenne/Email=kuenne@rentec.com
| This violates the schema (besides other caveats with DIT etc.):
| attributetype ( NAME 'member' SUP distinguishedName )

I know, but what do you do in 2.0.23 without saslregexp support? At least Openldap accepts it (and other invalid constructions for the member attribute

It violates the schema and therefore will cause nothing than grief with e.g. other LDAP admin software.

The second thing is that this string representation (or at least the OpenSSL implementation) does not care about escaping special chars not to speak of string normalization for international chars. Basically it's a hack. That's why there is an explicit RFC2253 compliant string output of DNs in OpenSSL nowadays.

> which are also not really valid dn's like "member:
> uid=kuenne+realm=RENTEC.COM"

You mean uid=kuenne+realm=RENTEC.COM ? What's wrong with that?

Ciao, Michael.