Jump to content

Wikipedia:Reference desk/Archives/Computing/2009 April 3

From Wikipedia, the free encyclopedia
Computing desk
< April 2 << Mar | April | May >> April 4 >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


April 3

[edit]

Please correct the sentence

[edit]

This line in Lightweight Directory Access Protocol is quite perplexing to me: "The client may also send a certificate to prove its identity. After doing so, the client may then use SASL/EXTERNAL to have this identity used in determining the identity used in making LDAP authorization decisions."

Is this a grammatical error or a technical one? Probably not the latter as the line was added by Kurt Zeilenga who is the author of several RFCs and was the founder and architect of the OpenLDAP project. Jay (talk) 08:42, 3 April 2009 (UTC)[reply]

I think it's probably a grammatical error -- or perhaps more to the point, a brain fart. I think the sentence is supposed to read, "After doing so, the client may then use this identity with SASL/EXTERNAL when making LDAP authorization decisions." (Or, perhaps, "...may then have SASL/EXTERNAL use this identity when making...") I'm guessing, of course -- that is the kind of a sentence that tends to send the reader's parser into conniptions. -- Captain Disdain (talk) 09:08, 3 April 2009 (UTC)[reply]


Are you sure the sentence is incorrect (though it is most certainly unclear)? To me, it parses as:

The client supplies a certificate to prove its identity. The client then uses SASL/EXTERNAL (a mechanism for sharing authentication information) to request its (newly established) TLS identity be added to the list of identities used in making authorization decisions for this connection on the server.

Presumably, the client has no control over *how* the server decides which identity to use for further authorization decisions (and may supply credentials that the server disregards entirely). For example, all LDAP users are given access to "common" directories, but access to private directories is limited to admin users with a certificate. A client who has already authenticated as a user (identity:user) enters a TLS and supplies the admin certificate, which is validated. The client then requests that the new TLS authentication (identity:admin) be added to its session for further authorization requests. The client then requests a private directory; the server verifies the client has an authorized identity (admin) and processes the request. The client then requests a common directory; the server verifies the client has an authorized identity (user) and processes the request. (The preceding is speculation; I have no experience with LDAP.) – 74  12:07, 3 April 2009 (UTC)[reply]

Can this be done?

[edit]

How could i connect an IDE hard drive to my computer that has only one IDE header on the motherboard? currently the only thing connected to it is my DVD Burner. I am not planning to dual boot or anything but just use it as a storage thing. How do i connect it so that it doesn't screw up my configuration?  Buffered Input Output 13:04, 3 April 2009 (UTC)[reply]

A given IDE host interface can support two IDE devices (known as the master and the slave). Either your current IDE cable has three connectors (one for the host, and one each for those two devices) or you should get one that does. It's generally necessary to configure both devices with jumpers, to make one master and one slave. If you need to support yet more IDE devices, and your motherboard doesn't have another IDE host connector, you can find inexpensive IDE RAID cards (which, contrary to what the name RAID suggest, will also allow each disk to work normally - standalone, not part of a RAID volume). Dog Day Today (talk) 13:33, 3 April 2009 (UTC)[reply]