Re: Automatically imply -x in case of -D (was: Newbie question ldap_sasl_interactive_bind_s: Invalid credentials (49))
On Oct 17, 2008, at 5:03 AM, Michael Ströder wrote:
Howard Chu wrote:
> SASL Binds do not use a DN in the Bind request, therefore you don't
> need
> the -D option (and anything you provide there is ignored by the
> server).
Hmm, since this issue is raised quite often how about handle this more
clearly?
If -D is only appropriate for simple bind the command-line tools could
check whether -D is used and then give a hint that -x is to be used.
Or
simply imply simple bind automagically. Same for -U. etc.
Maybe I'm missing something.
There are cases where a client might desire to send a bind DN with a
SASL password. The protocol specification does not preclude this.
The (new) protocol specification does say servers are to ignore any
bind DN presented, but IIRC some don't ignore it.
I would suggest that specifying simple Bind arguments when SASL is
selected (by lack of -x) only lead to a warning, not an error (unless
there is an override flag).
Ciao, Michael.