Hi guys,

SASL mechanisms include PLAIN and ANONYMOUS. Simple BindRequest already implements those mechanisms internally. RFC 4513 specifically says:

"5.2.1. SASL Protocol Profile

  LDAP allows authentication via any SASL mechanism [RFC4422].  As LDAP
  includes native anonymous and name/password (plain text)
  authentication methods, the ANONYMOUS [RFC4505] and PLAIN [PLAIN]
  SASL mechanisms are typically not used with LDAP."

Question: should we allow those two SASL mechanisms, should we default to a fake Simple BindRequest internally, or should we simply reject SASL BindRequest specifying one of those two mechanisms?
In the last case, we should also remove those mechanisms from the availableSASLMechanisms attribute in the root DSE.

wdyt?

--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

