Hallvard B Furuseth wrote:
Howard Chu writes:
[Pulling last line up front]
userPassword is a string of *octets* not *characters*...
This is backwards. That simply means anything can be stored there
- so password charset policy, if any, is up to whoever stores
userPassword values.
Yupp. And this led to interop problems.
As in fact RFC 4519 2.41 paragraph 2 says:
2.41. 'userPassword'
(...)
The application SHOULD prepare textual strings used as passwords by transcoding them to Unicode, applying SASLprep [RFC4013], and encoding as UTF-8. The determination of whether a password is textual is a local client matter.
And that was good progress!
This has been debated on ietf-ldapbis:
http://www.openldap.org/lists/ietf-ldapbis/200110/msg00006.html
http://www.openldap.org/lists/ietf-ldapbis/200309/msg00026.html
(The "References" and "Follow-Ups" links are not complete in this archive. You have to sometimes click on "Next by Date".)
Ciao, Michael.
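
Added example, not part of the original message: the preparation quoted above from RFC 4519 2.41 (Unicode, SASLprep, UTF-8), built on the RFC 3454 tables in Python's standard stringprep module. It treats the password as a stored string, so unassigned code points are rejected; the function names saslprep and password_octets are this example's own.

```python
import stringprep
import unicodedata

def saslprep(text: str) -> str:
    """SASLprep (RFC 4013) for a stored string; raises ValueError if prohibited."""
    # Map: drop "mapped to nothing" characters (B.1), then turn
    # non-ASCII spaces (C.1.2) into U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    # Normalize: NFKC on the Unicode 3.2 data that stringprep is defined against.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    # Prohibit: tables named in RFC 4013 section 2.3, plus unassigned (A.1).
    prohibited = (stringprep.in_table_a1, stringprep.in_table_c12,
                  stringprep.in_table_c21_c22, stringprep.in_table_c3,
                  stringprep.in_table_c4, stringprep.in_table_c5,
                  stringprep.in_table_c6, stringprep.in_table_c7,
                  stringprep.in_table_c8, stringprep.in_table_c9)
    for c in out:
        if any(check(c) for check in prohibited):
            raise ValueError(f"prohibited code point U+{ord(c):04X}")
    # Bidi: RFC 3454 section 6.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("mixed right-to-left and left-to-right characters")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left string must start and end with RandALCat")
    return out

def password_octets(text: str) -> bytes:
    """Octets to store in userPassword for a textual password (RFC 4519 2.41)."""
    return saslprep(text).encode("utf-8")

if __name__ == "__main__":
    # Constructed sample: the same visible password typed on two clients.
    composed = "p\u00e4ssword"       # a-umlaut as one code point
    decomposed = "pa\u0308ssword"    # 'a' followed by a combining diaeresis
    print(composed.encode("utf-8"), decomposed.encode("utf-8"))    # octets differ
    print(composed.encode("latin-1"))                              # differ again
    print(password_octets(composed), password_octets(decomposed))  # octets agree
```
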