Yes I didn't mean the commit was wrong. The problem is MS-AD, but before the commit it was possible to do LDAP SASL bind over an SSL/TLS connection to AD if you set min and max SSF below or equal to 128 (doesn't need to be zero).
So it would be nice to have some sort of AD compatibility mode. I think it would be okay for this mode to not follow the RFC as long as it is not the default operating mode and it is properly documented.
Yes I didn't mean the commit was wrong. The problem is MS-AD, but before the commit it was possible to do LDAP SASL bind over an SSL/TLS connection to AD if you set min and max SSF below or equal to 128 (doesn't need to be zero).
So it would be nice to have some sort of AD compatibility mode. I think it would be okay for this mode to not follow the RFC as long as it is not the default operating mode and it is properly documented.