https://bugs.openldap.org/show_bug.cgi?id=9256
--- Comment #17 from [email protected] <[email protected]> ---

In the patch, the line:

+attribute of the authorizing identity and/or on the

ends with a space.

Moreover, https://www.openldap.org/doc/admin25/access-control.html#Basic%20ACLs states:

  Generally one should start with some basic ACLs such as:

    access to attrs=userPassword
        by self =xw
        by anonymous auth
        by * none

    access to *
        by self write
        by users read
        by * none

Per https://bugs.openldap.org/show_bug.cgi?id=9657, for SIMPLE bind, anonymous needs auth access only to the userPassword attribute, but for SASL bind, anonymous needs access to the whole entry.

I propose removing "by * none", as it is implicit.

I propose extending the patch to state, for this particular example, that the example is suitable for SIMPLE bind and unsuitable for SASL bind. (Well, “access to attrs=userPassword by self =xz” shall still be preserved.)

Provide an example that works with SASL bind, e.g.

    access to attrs=userPassword
        by self =xw

    access to *
        by anonymous auth
        by self write
        by users read

(without by * none, since it is explicit).

-- 
You are receiving this mail because:
You are on the CC list for the issue.
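Added example, not part of the original comment and not OpenLDAP code: a simplified model of slapd's first-match ACL evaluation (first matching "access to" clause, then first matching "by", with the implicit trailing "by * none"), applied to the two rule sets quoted above. The DNs are constructed, "entry" is slapd's pseudo-attribute for the entry itself, and only the who-forms used in the comment are modelled.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
LETTERS = "dxcsrwm"  # privilege letter each level adds, in LEVELS order after "none"

def privs(spec):
    """Turn a level name ('auth') or an exact privilege set ('=xw') into letters."""
    if spec.startswith("="):
        return set(spec[1:])
    return set(LETTERS[:LEVELS.index(spec)])

def who_matches(who, requester, target):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target
    raise ValueError(f"unsupported who: {who}")

def access(acl, attr, requester, target):
    """Privilege letters requester (None = anonymous) holds on attr of target."""
    for what, by_clauses in acl:
        if what not in ("*", attr):
            continue                    # clause does not cover this attribute
        for who, spec in by_clauses:
            if who_matches(who, requester, target):
                return privs(spec)      # first matching "by" decides
        return set()                    # implicit trailing "by * none"
    return set()                        # implicit final "access to * by * none"

def without_explicit_none(acl):
    """Drop every explicit 'by * none' to check that it is redundant."""
    return [(w, [b for b in by if b != ("*", "none")]) for w, by in acl]

# The two rule sets quoted in the comment, as (what, [(who, access), ...]).
DOC_EXAMPLE = [
    ("userPassword", [("self", "=xw"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("users", "read"), ("*", "none")]),
]
PROPOSED = [
    ("userPassword", [("self", "=xw")]),
    ("*", [("anonymous", "auth"), ("self", "write"), ("users", "read")]),
]
ALICE = "uid=alice,dc=example,dc=com"   # constructed DNs
BOB = "uid=bob,dc=example,dc=com"

if __name__ == "__main__":
    for name, acl in (("doc example", DOC_EXAMPLE), ("proposed", PROPOSED)):
        for attr in ("userPassword", "entry"):
            print(name, "anonymous", attr, sorted(access(acl, attr, None, ALICE)))
```

In this model the proposed rule set gives anonymous auth on "entry" but nothing on userPassword, because evaluation stops at the implicit "by * none" of the first clause before "access to *" is reached.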
