https://bugs.openldap.org/show_bug.cgi?id=9657
--- Comment #2 from [email protected] <[email protected]> ---
No, it is not expected. The expectation is to follow what the Guide suggests, and this is to grant auth privilege to anonymous only on the userPassword attribute.

With the configuration

    olcAuthzRegexp: uid=([^@,]+)(@aegee.org)?(,cn=aegee.org)?,cn=[^,]*,cn=auth uid=$1,ou=persons,o=AEGEE

I expect that the simple bind

    ldapwhoami -x -D "uid=lui.veve;ou=persons;o=AEGEE" -w up1 -H ldap://localhost/

is in all matters identical to

    ldapwhoami -Y LOGIN -U"lui.veve" -w up1 -H ldap://localhost/

and the whole purpose of olcAuthzRegexp is to rewrite the username.

> SASL has to find the user's entry

Simple bind does not have to find the user’s entry?
