From 80c2bb50032c570e5de76de3b0f32845eeb84803 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Wed, 8 Dec 2004 19:09:54 +0000
Subject: [PATCH] clarify why we don't accept scheme other than ldap:// in
 authz-regexps

---
 servers/slapd/saslauthz.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 52d928f512..a770ef62a8 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -411,6 +411,13 @@ is_dn:		bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
 	rc = ldap_url_parse( uri->bv_val, &ludp );
 	switch ( rc ) {
 	case LDAP_URL_SUCCESS:
+		/* FIXME: the check is pedantic, but I think it's necessary,
+		 * because people tend to use things like ldaps:// which
+		 * gives the idea SSL is being used.  Maybe we could
+		 * accept ldapi:// as well, but the point is that we use
+		 * an URL as an easy means to define bits of a search with
+		 * little parsing.
+		 */
 		if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
 			/*
 			 * must be ldap:///
-- 
2.39.5