Hallvard B Furuseth wrote:
authz-regexp (OpenLDAP 2.3) seems to only work for SASL.
I note it was called sasl-regexp before. Will it be changed
to work for Simple Bind? Its manpage section says it should
work in general, though it mostly talks about SASL.
E.g.
authz-regexp "^.*" "uid=hbf,cn=people,dc=uio,dc=no"
does not let anyone log in with my password and access:-)
It was never intended to do that. Proxy Authorization allows users to
login with their own password, and obtain the authorization of another
user. Note that authz-regexp only takes effect when Proxy Authorization
is being performed. I don't believe it is legal to use the Proxy
Authorization control with Bind requests, although I agree that it could
be useful. Pretty sure we debated this a while back.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
