Kurt Zeilenga wrote: > > On Oct 17, 2008, at 5:03 AM, Michael Ströder wrote: > >> Howard Chu wrote: >>> SASL Binds do not use a DN in the Bind request, therefore you don't need >>> the -D option (and anything you provide there is ignored by the server). >> >> Hmm, since this issue is raised quite often how about handle this more >> clearly? >> >> If -D is only appropriate for simple bind the command-line tools could >> check whether -D is used and then give a hint that -x is to be used. Or >> simply imply simple bind automagically. Same for -U. etc. >> >> Maybe I'm missing something. > > There are cases where a client might desire to send a bind DN with a > SASL password. The protocol specification does not preclude this. The > (new) protocol specification does say servers are to ignore any bind DN > presented, but IIRC some don't ignore it. > > I would suggest that specifying simple Bind arguments when SASL is > selected (by lack of -x) only lead to a warning, not an error (unless > there is an override flag).
Filed ITS#5753 which trys to make it possible to explicitly specify -D together with SASL bind but still assume -x (simple bind) automagically for a single -D. Ciao, Michael.
