https://bugs.openldap.org/show_bug.cgi?id=9256
--- Comment #3 from Ondřej Kuzník <[email protected]> ---

On Mon, May 04, 2020 at 11:14:41PM +0000, [email protected] wrote:
> Created attachment 727
> --> https://bugs.openldap.org/attachment.cgi?id=727&action=edit
> Patch massaging the SASL binding requirement docs
>
> While some ACL requirements for SASL binding are documented, some are not.
> E.g., that olcAuthzRegexp requires =x on objectClass when direct DN mapping is
> not documented. Other requirements can be reasoned out based on the existing
> documentation, but this can be very difficult when unfamiliar with all the
> moving parts and the places they are documented. E.g. knowing that
> (objectClass=*) is the default filter, and that there's _always_ _some_ filter,
> and connecting this with ACLs required to do search-based SASL mapping.
>
> The attached patch brings all the SASL binding requirements together in one
> place in the docs and makes everything explicit. The word "SASL" is included,
> for those searching for that keyword.

Hi Karl,
thanks for taking the time to improve the documentation. I have a few notes:

"depending on the SASL mechanism in use." Why not say something like "if authz-regexp remapping is in place"?

Maybe keep the slapd.conf->cn=config changes to a separate commit.

In the paragraph "Some internal operations..." not sure such sweeping changes are really needed, maybe just saying the default filter equals objectclass=* if not specified would simplify and clarify that part?

Regards,
