On 9/7/06, Richard Megginson <rmeggins@xxxxxxxxxx> wrote:
I checked RFC 4513 - http://www.ietf.org/rfc/rfc4513.txt - it doesn't say anything about the correct result code to return in this case, other than it is an error if anything other than success or bindinprogress is returned. You might want to ask on ldap@xxxxxxxxx or on IRC.freenode.net #ldap if there is a standard that covers this case.
Thanks for the suggestion. I'll ask. I skimmed RFC 4513 (sans coffee) and didn't find the section you're referring to. I did see that RFC 4422 (last paragraph of section 3.6) seems to suggest that OS X's and OpenLDAP's behavior is legitimate and useful. Even if the standards permit either behavior (and even if it's slightly more secure to not reveal additional information, as David Boreham pointed out), wouldn't it be worth having FDS compatible with OpenLDAP and OS X? Josh Kelley -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
