https://bugs.openldap.org/show_bug.cgi?id=9657
--- Comment #4 from Michael Ströder <[email protected]> ---

On 8/30/21 18:49, [email protected] wrote:
> I expect that the simple bind
>
> ldapwhoami -x -D "uid=lui.veve;ou=persons;o=AEGEE" -w up1 -H ldap://localhost/
>
> is in all matters identical to
>
> ldapwhoami -Y LOGIN -U"lui.veve" -w up1 -H ldap://localhost/
>
> and the whole purpose of olcAuthzRegexp is to rewrite the username.

That's a false assumption.

>> SASL has to find the user's entry
>
> Simple bind does not have to find the user’s entry?

Yes.

To be very clear on this: I would be really angry if the current behaviour would be changed because it will seriously break security properties of existing systems (e.g. https://ae-dir.com and all my other customer setups).

It's easy for you to simply fix your ACLs and be done with it.
