[Date Prev][Date Next]
Re: LDAP invalid credentials and ldap_sasl_interactive_bind_s
David Wright wrote:
Why is SASL enabled by default? It seems that most client/servers out
there will (by default esp for anon reads) not use SSL or SASL.
Shouldn't it be /off/ by default, and if you want it, turn it on? This
is a big point of contention among our IT clients.
Very, very unfortunately, SASL managed to become a part of the LDAP v3
that is so true.
I don't think the idea is necessarily bad, it's just that the
implementation is not up standard. This makes any app that depends on
sasl appear to be confusing, buggy and thus insecure. Case n point
I agree too that -x is should be the default. In fact, I think that
would be a big step forward in useability.