directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Boreham <>
Subject Re: [mina] SASL support
Date Thu, 05 May 2005 14:47:45 GMT
BTW, SSL isn't totally independent and opaque either : you need to
make the cert payload available to the LDAP server in
order that it can perform cert-based auth. And the server
will need to know that the client's transport session is
SSL in order to enforce transport-type access control
(e.g. no mods to passwords accepted unless the client is connected
via SSL).

Clean layering is a fine objective, but sometimes one
needs to make software that works too ;)

View raw message