Kurt Zeilenga wrote:
On Oct 29, 2008, at 2:56 AM, michael@stroeder.com wrote:
I wonder whether it would be worthwhile for slapd to reject a SASL bind request with BindRequest.name set (normally used for simple bind), returning a protocolError error code.
RFC 4513: Clients sending a BindRequest message with the sasl choice selected SHOULD send a zero-length value in the name field. Servers receiving a BindRequest message with the sasl choice selected SHALL ignore any value in the name field.
So, no.
Ok.
My intention was that if the 'name' field and the SASL authc-ID lead to different identity mappings, it could confuse admins seeing 'name' in the BindRequest but a different authz-ID being in effect.
Anyway no strong need, just an idea.
Ciao, Michael.
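
The RFC 4513 rule quoted in this thread, shown as an added example that is not part of the original messages and is not slapd code: a small BER decoder that summarizes a BindRequest and records when a SASL bind carried a name the server must ignore, so a log reader is not misled by it. The function names, the result fields and the sample messages are constructed for illustration; the tag values follow RFC 4511.

```python
# Added illustration; not slapd code. BER tag values follow RFC 4511.
SEQ, INT, OCTETS = 0x30, 0x02, 0x04
BIND_REQ, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3

def tlv(tag, value):
    """Encode one TLV (short-form length only; enough for the samples)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

def audit_bind(message):
    """Summarize a BindRequest; flag a SASL bind whose name is ignored."""
    body, _ = expect(message, 0, SEQ)
    _msgid, pos = expect(body, 0, INT)
    op, _ = expect(body, pos, BIND_REQ)
    _version, pos = expect(op, 0, INT)
    name, pos = expect(op, pos, OCTETS)
    choice, auth, _ = read_tlv(op, pos)
    name = name.decode("utf-8", "replace")
    if choice == AUTH_SIMPLE:
        return {"method": "simple", "name": name, "ignored_name": None}
    if choice != AUTH_SASL:
        raise ValueError(f"unknown authentication choice {choice:#x}")
    mech, _ = expect(auth, 0, OCTETS)
    return {"method": "sasl", "mechanism": mech.decode("ascii", "replace"),
            "name": "", "ignored_name": name or None}

def sample_bind(name, auth):  # constructed message: messageID 1, version 3
    return tlv(SEQ, tlv(INT, b"\x01") + tlv(BIND_REQ, tlv(INT, b"\x03") + tlv(OCTETS, name) + auth))
```

A log line built from `ignored_name` makes it visible that the supplied DN played no part in the identity that took effect.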