Pierangelo Masarati wrote:
>> We have a proxyOld.c module that we bundle with Connexitor that handles
>> part of the problem. It dynamically adds a new control handler that
>> recognizes the obsolete OID and parses its values, then does the usual
>> slap_sasl_authorized validation. I don't think supporting this obsolete
>> spec in the mainline code is a good idea.
>
> My problem is different: I don't care about supporting it at control
> __decoding__; I need to support it at control __encoding__, when
> requesting proxyAuthz inside back-ldap. This wouldn't be mainstream at
> all, IMHO.
>
> p.

Right, as I said that only handled part of the problem, but it was
sufficient for allowing back-ldap to pass through an old-style control
to a remote SunOne server. I can see that you would need to add config
support etc. for generating this control internally in back-ldap. It
still seems dodgy to me; Sun ought to have updated their servers to
support the newer spec ages ago. The version of the draft that they
support is over 5 years old; it's bordering on LDAPv2 Historical territory.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/