[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-devel
Subject:    Re: New tool
From:       "Pierangelo Masarati" <ando () sys-net ! it>
Date:       2004-04-14 22:33:19
Message-ID: 64572.81.72.89.40.1081981999.squirrel () webmail ! sys-net ! it
[Download RAW message or body]


> At 09:26 AM 4/14/2004, Kurt D. Zeilenga wrote:
>>I have no problem with you committing such.  Might be interesting to
>> extend the whoami test to use it.  (Proxy authorization can
>>apply without use of SASL.)
>
> Not sure if your rewrite changes effects the syntax of
> saslAuthzTo/From attribute values, but if so, it would
> good to change these attributes' names, e.g.:  authzTo/From.

Not directly.  They just replace sasl-regexp, allowing more
sophisticate (e.g. recursive) rules, and (should) mimic the
existing behavior for backwards compatibility.  I'll add the
"auth-regexp" directive, aliased by "sasl-regexp" for
compatibility.

>
> This would also reflect that they are not just for SASL.
> (e.g., can be used to support the proxy authorization control).

No problem; I note they're in the (evil) OID namespace of OpenLDAP,
so I guess we can change their specification.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


[prev in list] [next in list] [prev in thread] [next in thread]