At 01:57 PM 7/1/2005, Hallvard B Furuseth wrote: >authz-regexp (OpenLDAP 2.3) seems to only work for SASL. >I note it was called sasl-regexp before.
Yes, because it was originally just for mapping SASL authorization identities. Now it can map some additional authorization identities, such when using the proxied authorization control. >Will it be changed >to work for Simple Bind? Well, it could be changed to map the authenticated identity, which normally becomes the authorization identity, to some other authorization identity. One likely could do that with an overlay. >Its manpage section says it should >work in general, though it mostly talks about SASL. >E.g. > authz-regexp "^.*" "uid=hbf,cn=people,dc=uio,dc=no" >does not let anyone log in with my password and access:-) Wouldn't this mean that any authenticated user would be act as "uid=hbf,cn=people,dc=uio,dc=no" authorization identity? Kurt >-- >Hallvard >Don't anthropomorphize computers. They hate that.
