[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: saslAuthz{To|From}
Kurt D. Zeilenga wrote:
At 07:58 AM 12/13/2003, Randall S. Winchester wrote:
My comment would be that for a multi-domain site, a uid can include a
FQDN, like u:jane@janedoe.com.
Which is precisely why using @ as a realm separator is a bad idea.
We need to support the userid "jane@janedoe.com" existing in multiple
realms.
Yes. I'm going to fix the slap_sasl_getdn() code as well,
and we need to figure out a syntax to specify realm (and
possibly mechanism) in "u:<user>" form. What about:
"u.realm;mech:<user>"
with
"u.realm:<user>"
"u;mech:<user>"
in case either is absent?
The syntax would be
"u[.realm][;mech]:<user>"
In this case we don't need to mind about
realm allowing dots "." because only
a semicolon ";" or a colon ":" would terminate it
Ando.
--
Dr. Pierangelo Masarati mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c. http://www.sys-net.it
+----------------------------------------------------------------------------+
| SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:+390382476497 |
+----------------------------------------------------------------------------+