Re: Automatically imply -x in case of -D

[Michael Ströder <michael@stroeder.com>]

Kurt Zeilenga wrote:
> 
> On Oct 17, 2008, at 5:03 AM, Michael Ströder wrote:
> 
>> Howard Chu wrote:
>>> SASL Binds do not use a DN in the Bind request, therefore you don't need
>>> the -D option (and anything you provide there is ignored by the server).
>>
>> Hmm, since this issue is raised quite often how about handle this more
>> clearly?
>>
>> If -D is only appropriate for simple bind the command-line tools could
>> check whether -D is used and then give a hint that -x is to be used. Or
>> simply imply simple bind automagically. Same for -U. etc.
>>
>> Maybe I'm missing something.
> 
> There are cases where a client might desire to send a bind DN with a
> SASL password.  The protocol specification does not preclude this.  The
> (new) protocol specification does say servers are to ignore any bind DN
> presented, but IIRC some don't ignore it.
> 
> I would suggest that specifying simple Bind arguments when SASL is
> selected (by lack of -x) only lead to a warning, not an error (unless
> there is an override flag).

Filed ITS#5753 which trys to make it possible to explicitly specify -D
together with SASL bind but still assume -x (simple bind) automagically
for a single -D.

Ciao, Michael.