Re: (ITS#8560) Proxy Authorization is mentioned as a SASL mech
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8560) Proxy Authorization is mentioned as a SASL mech
- From: quanah@symas.com
- Date: Tue, 17 Jan 2017 18:55:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Friday, January 06, 2017 7:17 PM +0000 rick@openfortress.nl wrote:
> Full_Name: Rick van Rein
> Version: 2.4
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:980:93a5:1:98ff:3cc8:e968:ded8)
>
>
> Hello,
>
> I found a nit in the OpenLDAP administrator's guide at
> http://www.openldap.org/doc/admin24/guide.html#SASL%20Proxy%20Authorization
>
> It mentions Proxy Authorization as a facility of SASL, something I never
> heard of. It is defined specifically for LDAP in RFC 4370. So the
> chapter title, and perhaps its ordering underneath SASL, are not perfect.
Hi Rick,
Thanks for the report. However, the EXTERNAL mechanism is in fact a SASL
mechanism, just implemented directly in OpenLDAP (vs other SASL mechanisms
that OpenLDAP supports via Cyrus-SASL). The location in the admin guide is
correct. If you read RFC 4370, Section 1 clearly notes that it is a part
of SASL:
"The Lightweight Directory Access
Protocol [LDAPV3] supports the use of the Simple Authentication and
Security Layer [SASL] for authentication and for supplying an
authorization identity distinct from the authentication identity,
where the authorization identity applies to the whole LDAP session."
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>