[Date Prev][Date Next]
Re: how to NOT use SASL
- To: email@example.com
- Subject: Re: how to NOT use SASL
- From: Frank Van Damme <firstname.lastname@example.org>
- Date: Tue, 11 May 2010 20:17:45 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Tyg+XHvpdJb6xojKRkoAVApNyNFyFrRhVaOSBG726E8=; b=gBYvwAXe7e/RYCM5HfBFWLKbfi+cyCAGhDTXTJ+NwF5tyPLCBpatCAQd/9w7EXrCLL Jv7IOO/IBYZXEtGkDeWcYPF3zIPIz/fNvriOh4dMMHc6j0BHIRLvLaBRbhr6rl0PzRLk j+tZ42DAQahNM/cTUfEr8td9l3FelWF7RAALw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=xTLEuP7val/GV4kQjpgLpxkPrz/1GMAFZME3zbeFdEUsXUfhYLWfBVJiBXCSJx8pJF tlRVsN5rqySOF96Lf2WWDYXxvkX+q3TCby93GRrAhgRVjM+0/9D2inhF1+ZY3YeSHFYd G40PKHn0o/9AQs70CnXTyduWoCqHcrW9eOdFo=
- In-reply-to: <alpine.BSO.email@example.com>
- References: <AANLkTil9bne7aMYzQdusycFDC7hTuLoayidwfI6XTXJw@mail.gmail.com> <alpine.BSO.firstname.lastname@example.org>
2010/5/11 Philip Guenther <email@example.com>:
> On Tue, 11 May 2010, Frank Van Damme wrote:
>> Now this is something I don't understand. TSL shouldn't require the use
>> of sasl, logically speaking, yet why am I getting this output?
>> frvdamme@osc1:~$ ldapsearch -w dd -D
>> 'cn=admin,dc=otec,dc=vub,dc=ac,dc=be' '(cn=admin)' -H
>> ldap://localhost -x
> As a side-note, the above command-line is non-portable as it depends on a
> GNU-libc extension to the behavior of getopt() to parse option arguments
> after positional arguments. (That behavior is a violation of the POSIX
> standard.) The portable way to write that is to put the positional
> argument, the search filter in this case, after all of the option
> arguments, ala:
> ldapsearch -w dd -D 'cn=admin,dc=otec,dc=vub,dc=ac,dc=be' \
> -H ldap://localhost -x '(cn=admin)'
> That's not related to your issue, but you may bump into it later and may
> confuse others trying to reproduce your problem.
Ok, I'll keep that in mind next time I post anything like that to a
mailing list (I worked with non-GNU's but usually I indeed don't pay
much attention to it when on Linux).
> It's not actually doing SASL, but rather is doing a simple bind (see the
> "SIMPLE" there?). ldap_sasl_bind() is the supported libldap entry point
> for *all* authentication, SASL, SIMPLE, or otherwise. The old library
> entry points ldap_simple_bind(), ldap_bind(), and similar were deprecated
> at some point, largly because they didn't support passing controls or
> returning server creds, IIRC.
Ah, ok. That declares it nicely. Thank you very much.
Frank Van Damme
A: Because it destroys the flow of the conversation.
Q: Why is it bad?
A: No, it's bad.
Q: Should I top post in replies to mailing lists or on Usenet?