On 2/08/2023 2:27 am, Howard Chu wrote:
Sean Gallagher wrote:
On 1/08/2023 3:46 am, Jordan Brown wrote:
On 7/31/2023 9:10 AM, Howard Chu wrote:
The fact that the TLS session is already authenticated is irrelevant. Transport layer and Application layer are separate and independent. If a client wants to be authenticated on the LDAP layer it must request it.
Does the RFC explicitly authorize controlling access based on the client's IP address? Does slapd allow controlling access based on the client's IP address?
Howard is being very literal in his reading of the LDAP RFCs.
RFCs are not poems, they aren't meant to be loosely interpreted.
Sorry Howard, what I said was in defense of Jordan and not intended as an attack on you. I understand and agree with your position, that the ultimate authority is the specification and anything that happens must be consistent with the specification.