Ahh great points Howard! I did not at all think of these use cases and they make perfect sense. Sounds though this is not an absolute must be something we can take our time in implementing. Perhaps it's better to take more time doing it right with partition nesting than finding a quick hack to make this work right now.
Thanks again! Alex On Tue, May 6, 2008 at 9:40 AM, Howard Chu <[EMAIL PROTECTED]> wrote: > Alex Karasulu wrote: > > > No need to quote the RFC with me, I know that it can be subject to > > access control - read my question. You know of situations when it is > > actually set to anything but read-only by everyone? > > > > There are cases where MacOS admins remove access to the > supportedSASLMechanisms attribute, to prevent the clients from attempting > SASL Binds. I don't recall all the reasons behind it, but suffice to say > it's mostly just a bandaid over a buggy SASL implementation. > > You may also want to hide certain values from the > supportedControls/supportedExtensions attributes, so that only particularly > authenticated clients can see certain controls. (And furthermore you may > want to prevent these controls/extensions from being used by various > users...) > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ >
