https://bugs.openldap.org/show_bug.cgi?id=7084
--- Comment #3 from Michael Ströder <[email protected]> --- Maybe my original comment was not clear enough. Of course it is sufficient for most use-cases to just check authz-DN != entryDN. My suggestion was to define a new attribute for a pwdPolicy entry for defining authz-IDs considered to be an administrator - kind of an additional constraint to the condition above. The syntax could be similar or the same to that already implemented for authzTo/authzFrom attributes. But no proxy authorization allowed at all. -- You are receiving this mail because: You are on the CC list for the bug.
