[EMAIL PROTECTED] wrote:
> Full_Name: Michael Ströder
> Version: HEAD
> OS: Linux
> URL:
> Submission from: (NULL) (84.163.120.227)
>
>
> This is somewhat related to the client tool modification in ITS#5753.
>
> I wonder whether it would be worth that slapd rejects a SASL bind request with
> BindRequest.name set (normally used for simple bind) returning a protocolError
> error code.
>
> Example for an inconsistent use of -D and -U with SASL/DIGEST-MD5 at the
> command-line:
>
> $ ldapwhoami -D "cn=root,dc=stroeder,dc=de" -W -U michael -Y DIGEST-MD5
> Enter LDAP Password:
> SASL/DIGEST-MD5 authentication started
> SASL username: michael
> SASL SSF: 128
> SASL data security layer installed.
> dn:cn=michael ströder,ou=private,dc=stroeder,dc=de

Changing this behavior seems like a bad idea to me. Currently the RFC doesn't require servers to behave one way or the other, so there's no argument that this change would improve interoperability. If there are no clients out there depending on the behavior, then this change is meaningless. If there *are* clients out there depending on the behavior, then they will break for no apparent reason.

--
  -- Howard Chu
  CTO, Symas Corp. http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP http://www.openldap.org/project/
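
Added example, not part of either message above and not slapd code: a small BER decoder that reads an LDAP BindRequest and flags the case under discussion, a SASL bind whose `name` field is also set, so such requests can be spotted in captured traffic without changing server behavior. The function names and the sample message are constructed for illustration; the tag values follow the BindRequest definition in RFC 4511.

```python
# BER tags from RFC 4511 for the parts of a BindRequest.
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3

def read_tlv(buf, pos):
    """Decode one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

def inspect_bind(message):
    """Summarise a BindRequest and flag a SASL bind that also carries a name."""
    envelope, _ = expect(message, 0, SEQUENCE)
    _msgid, pos = expect(envelope, 0, INTEGER)
    bind, _ = expect(envelope, pos, BIND_REQUEST)
    _version, pos = expect(bind, 0, INTEGER)
    name, pos = expect(bind, pos, OCTET_STRING)
    auth_tag, auth, _ = read_tlv(bind, pos)
    if auth_tag == AUTH_SIMPLE:
        method, mech = "simple", None
    elif auth_tag == AUTH_SASL:
        method, mech = "sasl", expect(auth, 0, OCTET_STRING)[0].decode()
    else:
        raise ValueError(f"unknown authentication choice {auth_tag:#x}")
    return {"method": method, "mechanism": mech, "name": name.decode(),
            "name_with_sasl": method == "sasl" and len(name) > 0}

def tlv(tag, value):
    """Encode a short-form element (value under 128 bytes); used for samples only."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def sample_bind(name, auth):
    """Constructed BindRequest: messageID 1, version 3."""
    body = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, name) + auth
    return tlv(SEQUENCE, tlv(INTEGER, b"\x01") + tlv(BIND_REQUEST, body))

SASL_AUTH = tlv(AUTH_SASL, tlv(OCTET_STRING, b"DIGEST-MD5"))
print(inspect_bind(sample_bind(b"cn=root,dc=stroeder,dc=de", SASL_AUTH)))
```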
