Kurt D. Zeilenga writes:
>At 01:57 PM 7/1/2005, Hallvard B Furuseth wrote:
>> authz-regexp (OpenLDAP 2.3) seems to only work for SASL.
>> I note it was called sasl-regexp before.
>
> Yes, because it was originally just for mapping SASL authorization
> identities.  Now it can map some additional authorization
> identities, such as when using the proxied authorization control.
>
>> Will it be changed to work for Simple Bind?
>
> Well, it could be changed to map the authenticated
> identity, which normally becomes the authorization
> identity, to some other authorization identity.
> One likely could do that with an overlay.

OK.  But then the doc should be changed to say when authz-regexp is
used.  The current doc gives the impression that it always is.

>> authz-regexp "^.*" "uid=hbf,cn=people,dc=uio,dc=no"
>> does not let anyone log in with my password and access:-)
>
> Wouldn't this mean that any authenticated user would act
> as "uid=hbf,cn=people,dc=uio,dc=no" authorization identity?

Ah.  I got confused by "Used by the authentication framework" in the
doc.  Maybe that should be "by the authorization framework"?
And "...convert *authenticated* user names ...".

-- 
Hallvard
Don't anthropomorphize computers. They hate that.
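
The effect of the `^.*` rule discussed above, as an added example that is not part of the thread or of OpenLDAP: a small Python check that flags authz-regexp rules rewriting every SASL identity to one DN. The second rule, the sample identities and all function names are constructed for illustration, and Python's `re` stands in for slapd's regex matching.

```python
import re
import shlex

# Constructed config: rule 1 is the one quoted in the thread, rule 2 is made up.
SAMPLE_CONF = """
authz-regexp "^.*" "uid=hbf,cn=people,dc=uio,dc=no"
authz-regexp uid=([^,]*),cn=gssapi,cn=auth uid=$1,cn=people,dc=uio,dc=no
"""

# Constructed SASL identities in the uid=<user>,cn=<mechanism>,cn=auth form.
SAMPLE_IDS = ["uid=alice,cn=gssapi,cn=auth", "uid=bob,cn=gssapi,cn=auth"]


def parse_rules(conf_text):
    """Return (pattern, replacement) pairs; assumes one rule per line."""
    rules = []
    for line in conf_text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) == 3 and parts[0].lower() in ("authz-regexp", "sasl-regexp"):
            rules.append((parts[1], parts[2]))
    return rules


def map_identity(rules, dn):
    """Apply the first matching rule; $N in the replacement is group N."""
    for pattern, repl in rules:
        m = re.search(pattern, dn)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", repl)
    return dn  # no rule matched: identity is left unmapped


def collapsing_rules(rules, ids=SAMPLE_IDS):
    """Rules that rewrite every sample identity to one and the same DN."""
    flagged = []
    for rule in rules:
        targets = {map_identity([rule], dn) for dn in ids}
        if len(targets) == 1 and targets.isdisjoint(ids):
            flagged.append(rule)
    return flagged


if __name__ == "__main__":
    for pattern, repl in collapsing_rules(parse_rules(SAMPLE_CONF)):
        print(f"catch-all mapping: {pattern!r} -> {repl}")
```

Because the first matching rule is used, the catch-all in position 1 also shadows the per-user rule that follows it.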
