Posted to dev@directory.apache.org by Stefan Zoerner <st...@labeo.de> on 2007/12/30 19:37:05 UTC
Configuration in bigbang branch: names of SASL attributes and elements
Hi all!
I am playing around with SASL for my 2.0 documentation examples (Basic
User's Guide). I was able to authenticate via DIGEST-MD5 against the
sample partition of the guide, after adjusting some attributes in
server.xml.
During this I had to modify the attribute "saslHost" from element
<ldapServer>, and there is also a "saslPrincipal" (which I did not use,
because no GSSAPI). Other sub elements of ldapServer are named
saslSomething (saslQop, saslRealms).
But I also had to modify the value of attribute "searchBaseDn". I assume
this value is only used for user detection in SASL. I therefore propose
the name saslSearchBaseDn in order to make this consistent.
Another element name I wondered about was "supportedMechanisms". I
recommend renaming it to "supportedSaslMechanisms", because this is the
name used in the Root DSE for publication. In fact, it is
supportedSASLMechanisms, but this does not fit the name scheme.
Thoughts?
Thanks in advance,
Stefan
Re: Configuration in bigbang branch: names of SASL attributes and elements
Posted by Enrique Rodriguez <en...@gmail.com>.
On Dec 30, 2007 10:37 AM, Stefan Zoerner <st...@labeo.de> wrote:
> ...
> But I also had to modify the value of attribute "searchBaseDn". I assume
> this value is only used for user detection in SASL. I therefore propose
> the name saslSearchBaseDn in order to make this consistent.
Yes, this DN is only for finding users for purposes of authentication.
> Another element name I wondered about was "supportedMechanisms". I
> recommend renaming it to "supportedSaslMechanisms", because this is the
> name used in the Root DSE for publication. In fact, it is
> supportedSASLMechanisms, but this does not fit the name scheme.
The issue here is that the 'supportedMechanisms' property allows you
to enable/disable support for SIMPLE authentication and SIMPLE is not
technically a SASL mechanism.
Enrique