On Jul 15, 2007, at 2:49 PM, Michael Ströder wrote:
Hallvard B Furuseth wrote:
If it's no longer needed - what has changed? I thought it was invented because the existing scheme of '{hash method}' in userPassword broke the LDAP standard. Which it still does.
Simply no-one cares.
For multiple reasons, yes.
BTW: IIRC RFC 3112 also lacks a definition of charset encoding for textual strings. This was kinda solved for userPassword by an implementation hint in RFC 4519 requiring SASLprep/UTF-8 but not for the authPasswordSyntax.
In due time the other specifications will be appropriately updated.
The client is to use SASLprep/UTF-8 when using simple bind. When a client updates the password, whether by LDAP Password Modify or by LDAP Modify (of userPassword (hashed or not) or authPassword), they should also apply SASLprep/UTF-8.
http://www.openldap.org/lists/ietf-ldapbis/200110/msg00008.html
Ciao, Michael.