I skimmed RFC 4513 (sans coffee) and didn't find the section you're
referring to. I did see that RFC 4422 (last paragraph of section 3.6)
seems to suggest that OS X's and OpenLDAP's behavior is legitimate and
useful.
I'm not sure I read that there. I see this :
It is also important that the server can be configured such that the outcome
message will not distinguish between a valid user with invalid credentials
and an invalid user.
This is eactly what I was saying and would appear to be the opposite of
what OpenLDAP have implemented.
Back and bit in that same paragraph it says :
The outcome is not successful if
...
- the client's credentials could not be verified,
which again seems to be in line with the FDS implementation because
it tells the client that the authentication attempt was unsuccessful.
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
