Alex Karasulu wrote:
No need to quote the RFC with me, I know that it can be subject to access control - read my question. You know of situations when it is actually set to anything but read-only by everyone?
There are cases where MacOS admins remove access to the supportedSASLMechanisms attribute, to prevent the clients from attempting SASL Binds. I don't recall all the reasons behind it, but suffice to say it's mostly just a bandaid over a buggy SASL implementation.
You may also want to hide certain values from the supportedControls/supportedExtensions attributes, so that only particularly authenticated clients can see certain controls. (And furthermore you may want to prevent these controls/extensions from being used by various users...)
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
