<quote who="Hadmut Danisch">
Gavin Henry wrote:
I don't read that as rude, merely advice. Don't take it personally please.
I do. His point was not to understand or answer my question. His point
was to allege that I would not know what I am talking about and would not have understood the basic principles of LDAP just because my wording differed slightly from his expectations.
The problem with e-mail is that a persons tone can't be portrayed.
It was a personal attack and I take it as such. I don't care about, but
I notice that the guys behind openldap tend to rather attack people personally than answering security relevant questions and that they
None of our team do this. We all have limited time and do our best to reply to users questions or ITS reports. But you must understand, 99% of questions asked have been asked before with the answers being available in the mailing archives.
9 times out of 10 a user hasn't read any of our docs, so we politely ask, "have you read any of the docs?", that's not "have you *read* any of the docs?" implying an insult.
So if we come across as attacking people, then I believe that this is an interpretation of the reader.
expect everyone to know what's not in the docs but hidden somewhere in
some strange FAQ machine.
Not really strange, pretty standard at the time and still used in many OSS projects.
I've actually ported most of the relevant parts of our FAQ-O-Matic to the 2.4 Admin Guide, at present over 80 new pages of content over a 6-7 month period of unpaid commitment. So when I ask, as the OpenLDAP Project Documention Leader, have you read any of the docs, I think I'm entitled to put that question to a user. That's not being rude.
Beyond the fact that this is not worth of further dispute, from my point
of view this way of dealing with questions and handling authentication details disqualifies as software engineers for security relevant software.
I disagree. Nothing in this thread can back up your claim here.
Just for your information: I read the specs when they were issued as
X.500 and X.509 in the CCITT Blue Book. But I am not rereading specs every day, LDAP is just a small detail of my daily work.
Ok.
OpenLDAP supports SASL, SASL does have it's own documentation. Did you
try to read any of that?
Again, this offending way to assume that anyone who does not have
exactly your point of view could not have read the specs. "try to read" is offensive.
Maybe I should have asked, "Did you browse the SASL docs?", "Or did you take a quick look over at the SASL documentation?". They all mean the same thing, with no offence intended.
It's all in how the reader sees it.
<snip>
So before blaming me for not reading and understanding specs, tell me,
where exactly this is specified.
Do those particular specs you're blaming me for not having read at all
exist?
I don't know, I'm not a SASL expert. Maybe one of the Core team can answer this.
If you do find the answer or implement something to solve your feature request, documentation patches are always welcome. We are an Open Source Community after all.
Gavin.