Arthur de Jong <adej...@debian.org> writes:

> Perhaps it is also a good idea to move the password question after the
> SASL one or maybe even move the binddn question after SASL. If we keep
> the binddn question before SASL is it safe to skip the SASL question if
> the binddn is empty (is there any reasonable configuration with an empty
> binddn while using SASL)?

Looking at RFC4313 section 5.2.1.2. SASL Authentication Initiation and
Protocol Exchange (page 16):

  Clients sending a BindRequest message with the sasl choice selected
  SHOULD send a zero-length value in the name field. Servers receiving
  a BindRequest message with the sasl choice selected SHALL ignore any
  value in the name field.

So, when using SASL, binddn should be empty.

Regards.
-- 
Daniel Dehennin
Retrieve my GPG key: gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
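
The BindRequest rule quoted above, as an added example that is not part of the original message or of the package under discussion: a small Python BER encoder/decoder showing that a DN sent alongside the sasl choice reaches the wire but is not used by a conforming server. The function names, the EXTERNAL mechanism and the sample DN are assumptions chosen for illustration.

```python
# Added example: minimal BER codec for the LDAPv3 BindRequest.
# Short-form lengths only (< 128 bytes); all DNs below are constructed samples.

def tlv(tag, value):
    if len(value) > 127:
        raise ValueError("example supports short-form BER lengths only")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated element")
    return buf[pos], buf[pos + 2:end], end

def encode_bind(name, simple=None, sasl_mech=None):
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
    if (simple is None) == (sasl_mech is None):
        raise ValueError("pass exactly one of simple / sasl_mech")
    if sasl_mech is not None:
        auth = tlv(0xA3, tlv(0x04, sasl_mech.encode()))  # sasl [3] SaslCredentials
    else:
        auth = tlv(0x80, simple)                         # simple [0] OCTET STRING
    return tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, name.encode()) + auth)

def server_view(bind):
    """Decode a BindRequest the way a server following the quoted rule would."""
    tag, body, _ = read_tlv(bind, 0)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _version, pos = read_tlv(body, 0)
    _, name, pos = read_tlv(body, pos)
    choice, auth, _ = read_tlv(body, pos)
    if choice == 0xA3:
        _, mech, _ = read_tlv(auth, 0)
        # Servers SHALL ignore the name field when the sasl choice is selected.
        return {"choice": "sasl", "mechanism": mech.decode(),
                "name_sent": name.decode(), "name_used": None}
    if choice == 0x80:
        return {"choice": "simple", "name_sent": name.decode(),
                "name_used": name.decode()}
    raise ValueError("unknown AuthenticationChoice")

if __name__ == "__main__":
    for dn in ("", "cn=admin,dc=example,dc=com"):
        print(server_view(encode_bind(dn, sasl_mech="EXTERNAL")))
```

With an empty binddn the name field encodes as the two bytes 04 00, which is the zero-length value the quoted text asks clients to send.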