Posted to dev@directory.apache.org by Stefan Zoerner <st...@labeo.de> on 2007/12/30 19:37:05 UTC

Configuration in bigbang branch: names of SASL attributes and elements

Hi all!

I am playing around with SASL for my 2.0 documentation examples (Basic 
User's Guide). I was able to authenticate via DIGEST-MD5 against the 
sample partition of the guide, after adjusting some attributes in 
server.xml.

During this I had to modify the attribute "saslHost" from element 
<ldapServer>, and there is also a "saslPrincipal" (which I did not use, 
because no GSSAPI). Other sub elements of ldapServer are named 
saslSomething (saslQop, saslRealms).

But I also had to modify the value of attribute "searchBaseDn". I assume
this value is only used for user detection in SASL. I therefore propose 
the name saslSearchBaseDn in order to make this consistent.

Another element name I wondered about was "supportedMechanisms". I
recommend renaming it to "supportedSaslMechanisms", because this is the
name used in the Root DSE for publication. In fact, it is 
supportedSASLMechanisms, but this does not fit the name scheme.

Thoughts?

Thanks in advance,
     Stefan




Re: Configuration in bigbang branch: names of SASL attributes and elements

Posted by Enrique Rodriguez <en...@gmail.com>.
On Dec 30, 2007 10:37 AM, Stefan Zoerner <st...@labeo.de> wrote:
> ...
> But I also had to modify the value of attribute "searchBaseDn". I assume
> this value is only used for user detection in SASL. I therefore propose
> the name saslSearchBaseDn in order to make this consistent.

Yes, this DN is only for finding users for purposes of authentication.

> Another element name I wondered about was "supportedMechanisms". I
> recommend renaming it to "supportedSaslMechanisms", because this is the
> name used in the Root DSE for publication. In fact, it is
> supportedSASLMechanisms, but this does not fit the name scheme.

The issue here is that the 'supportedMechanisms' property allows you
to enable/disable support for SIMPLE authentication and SIMPLE is not
technically a SASL mechanism.

Enrique