> I skimmed RFC 4513 (sans coffee) and didn't find the section you're
> referring to. I did see that RFC 4422 (last paragraph of section 3.6)
> seems to suggest that OS X's and OpenLDAP's behavior is legitimate and
> useful.

I'm not sure I read that there. I see this:

    It is also important that the server can be configured such that
    the outcome message will not distinguish between a valid user with
    invalid credentials and an invalid user.

This is exactly what I was saying and would appear to be the opposite of what OpenLDAP have implemented. Back a bit in that same paragraph it says:

    The outcome is not successful if ...
    - the client's credentials could not be verified,

which again seems to be in line with the FDS implementation because it tells the client that the authentication attempt was unsuccessful.