[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] simple bind for ldap hdb backend

On Oct 25, 2006, at 7:47 PM, Luke Howard wrote:

>> When you're new to the business, it's not a good idea to destroy its
>> infrastructure your first time out. Better to learn how it actually
>> works first, before trying to change how it works.
> Agreed -- SASL EXTERNAL is specified directly in the code for a very
> good reason. :-)

He does have one good point though:  it would be better not to  
advertise SASL_EXTERNAL to physically external LDAP clients, unless  
you support SASL_EXTERNAL with a SSL/TLS-supplied identity.  I think  
most LDAP servers that support SASL_EXTERNAL (correctly) only do it  
for connections from the same machine.

This is a nit that bothers me about our Sun LDAP server.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu