Kurt Zeilenga wrote: > > On Oct 29, 2008, at 2:56 AM, [EMAIL PROTECTED] wrote: > >> I wonder whether it would be worth that slapd rejects a SASL bind >> request with >> BindRequest.name set (normally used for simple bind) returning a >> protocolError >> error code. > > RFC 4513: > Clients sending a BindRequest message with the sasl choice selected > SHOULD send a zero-length value in the name field. Servers receiving > a BindRequest message with the sasl choice selected SHALL ignore any > value in the name field. > > So, no.
Ok. My intention was that if 'name' field and SASL authc-ID leads to different identity mapping it could confuse admins seeing 'name' in the BindRequest but a different authz-ID being in effect. Anyway no strong need, just an idea. Ciao, Michael.
