On Tue, March 4, 2008 12:44 pm, Russ Allbery wrote:
"Joel Johnson" mrjoel@lixil.net writes:
A deficiency of the previous patch [1] appears to be that the option is not configurable, so I have created a related patch [2] (currently against 2.4.8, not quite HEAD) to add a runtime configuration option to select whether or not the name canonicalization should be performed. It defaults to true, the current behavior. The patch is still in progress, but has the functionality and provides an illustration of my approach. The following are known issues that will be addressed:
For what it's worth, this approach (making canonicalization configurable and defaulting to on) is the same approach that's been taken by GSSAPI implementers. (By setting rdns = false in [libdefaults] for MIT Kerberos, for example.)
-- Russ Allbery (rra@stanford.edu) http://www.eyrie.org/~eagle/
This is precisely why I have need of the patch. I wish to use GSSAPI through SASL, but the OpenLDAP SASL behavior masks the ability to make use of the rdns=false selection from the underlying library.
Joel