Re: Authorization on UIDs without bind

Geert Jansen wrote:
> Kurt D. Zeilenga wrote:
>> Or you could just use SASL/EXTERNAL bind (assuming your client
>> supports it, of course. If not, well, I'd work with its developer
>> to add it.)
> I will try that as well. However, current support for this is very poor
> amongst LDAP clients. My email server (postfix), IMAP server (dovecot)
> and web server (apache) all do not support SASL binds.

You should request appropriate enhancements from those projects. Support for SASL Binds has been a mandatory part of LDAPv3 for many ( >5 ) years.

> Would be happy to follow the guidelines if this patch could be
> considered for inclusion. Do you think this patch is a good feature for
> OpenLDAP to have?

No, it's a hack to support obsolete LDAPv2 clients. It has no place in an LDAPv3 server.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/