Description of problem:
The EXTERNAL SASL mech should only be advertised to clients if the server has a
useful mapping to attach it to. For example, if SSL client certificate matching
is configured, or if ldapi:// support is implemented, and getpeername() is
Version-Release number of selected component (if applicable):
Fedora DS 1.0.4
Steps to Reproduce:
1. Setup a default install of fedora DS
2. Search the rootDSE for supportedSASLMechs on an ldap://, not TLS connection
3. Notice that EXTERNAL is listed
This should not appear
Apparenetly already pointed out by Howard Chu, OpenLDAP has the correct behaviour.
DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be
set to DS8.0. Will make further changes per bug council on 07/24/2007, after this.
Falls under the category of RFC correctness
Per triage: No plan to fix this in the short term.