[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL_MECH EXTERNAL in system ldap.conf

To: Phil Pennock <openldap-software@spodhuis.demon.nl>
Subject: Re: SASL_MECH EXTERNAL in system ldap.conf
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 06 Mar 2006 08:45:47 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20060306103522.GC15074@domus.home.globnix.net>
References: <20060306103522.GC15074@domus.home.globnix.net>

At 02:35 AM 3/6/2006, Phil Pennock wrote:
>Actually, the only item needed in the per-user config is the SASL_MECH,
>I just keep them together for clarity. 

But note that these settings are quite independent.  If
the user connects using -H ldap.example.net, ldapsearch(1)
will use SASL EXTERNAL even where SASL EXTERNAL is not
available. 

> Is there a reason to disallow this option in the system config?

The user has no facility to disable a global SASL_MECH setting
(without disabling use of the complete system ldap.conf).
For instance, a user wanting auto-selection of the SASL
mechanism (ldapsearch(1)'s default behavior) cannot unset
the SASL_MECH setting but instead must cause the system
ldap.conf to be ignored.

> Is it likely to be changed in official source?

HEAD presently includes such a change.  However, it's possible
that change could be reverted.

Kurt

References:
- SASL_MECH EXTERNAL in system ldap.conf
  - From: Phil Pennock <openldap-software@spodhuis.demon.nl>

Prev by Date: Replica ACL and break
Next by Date: RedHat 7.3, OpenLadp and DB Berkeley
Index(es):
- Chronological
- Thread