]> git.sur5r.net Git - openldap/commitdiff
clarify why we don't accept scheme other than ldap:// in authz-regexps
authorPierangelo Masarati <ando@openldap.org>
Wed, 8 Dec 2004 19:09:54 +0000 (19:09 +0000)
committerPierangelo Masarati <ando@openldap.org>
Wed, 8 Dec 2004 19:09:54 +0000 (19:09 +0000)
servers/slapd/saslauthz.c

index 52d928f51236d1a688c203ea1cf5e3b5ee3abc4b..a770ef62a812f0cece2c7efe4d330cf63964b5ee 100644 (file)
@@ -411,6 +411,13 @@ is_dn:             bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
        rc = ldap_url_parse( uri->bv_val, &ludp );
        switch ( rc ) {
        case LDAP_URL_SUCCESS:
+               /* FIXME: the check is pedantic, but I think it's necessary,
+                * because people tend to use things like ldaps:// which
+                * gives the idea SSL is being used.  Maybe we could
+                * accept ldapi:// as well, but the point is that we use
+                * an URL as an easy means to define bits of a search with
+                * little parsing.
+                */
                if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
                        /*
                         * must be ldap:///