https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #17 from [email protected] --- This is looking much more complex than what I first envisioned. When I first lodged this report I thought it was the ssf that governed the EXTERNAL mechanism and that getting it to work would be as simple as plugging in an ssf for the proxy. I see now that won't work. the authid is what is needed. Coming back to > What is preventing you from exposing slapd to your clients directly? If there was a simple qualification check that was applied to the authid immediately after it was created, and the connection closed immediately if it failed, I would happily do away with the proxy. Something like olcAuthzQualifyRegExp: <match> [ACCEPT|REJECT] This seemed like a much bigger ask at the time. Now I'm not so sure. -- You are receiving this mail because: You are on the CC list for the issue.
