Keep in mind that OAuth is an authorization protocol and not an authentication protocol. As such, I’d never consider it for and LDAP containing any sort of sensitive information.
// John Pfeifer Division of Information Technology University of Maryland, College Park > On Jun 30, 2023, at 5:30 AM, Pascal Jakobi <pascal.jak...@gmail.com> wrote: > > Hi there > > I am reading at the moment RFC 7628 (SASL for OAuth). The idea is to extend > usage of OAuth outside of the HTTP world. It has obviously been written with > SMTP & IAMP in mind. It seems that it could be a very nice solution for > authenticating web frontends accessing dir. servers (typically web based > directory browsers). Correct if I am missing a point here, pls. > > As far as I understand, OL does not support it (again, feel free to correct). > Are there any plans to look into it ? > > Best, > > P > >
