Hi, I'm sending corrected patches. All your suggestions and objections have been addressed except maybe for this:
If the SDAP_SASL_AUTHID has been explicitly set, but the SDAP_SASL_REALM hasn't, why are you overriding SDAP_SASL_AUTHID with select_principal_from_keytab()?
I agree with you that the code made a little sense before. I did a little modification, so the SDAP_SASL_AUTHID isn't changed if possible. Here I'd like to know your opinion. We might want to prioritize the configuration entered by admin. My current approach prioritizes an actual content of the keytab if either SDAP_SASL_AUTHID or SDAP_SASL_REALM isn't entered. That means in case keytab doesn't contain principal matching the desired one, another one (based on the preference in select_principal_from_keytab()) is selected.
If the user configuration had absolute priority, there would be a comparison right after the best principal is selected by select_principal_from_keytab() and in case the selected principal doesn't correspond to the configured one, an error should be raised.
What do you think the best approach is for this?
Jan