Turbo Fredriksson wrote:
"Buchan" == Buchan Milne <[EMAIL PROTECTED]> writes:

    Buchan> As such, the LDAP server wasn't even consulted about
    Buchan> whether it knows anything about your account, only that it
    Buchan> should map your SASL identity to a DN (that need not exist
    Buchan> in the directory).

So what's the point of having {SASL} in the userPassword then?

No one ever said there was any point to it. Why are you using it if you don't understand what it's for?

And if it wasn't the sasl regexp, shouldn't my auth req DN be:

    uid=turbo,cn=REALM,cn=sasl,cn=auth

And that DN doesn't have any special access, so how come I got
full access to the object(s), and not the anonymous read access
that I expected?

'only that it should map your SASL identity to a DN'... That's
translated into a 'correct' DN by the sasl regexp - which worked... ?

From the sound of it, yes, the SASL regexp worked as it should.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
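
The mapping step discussed in this thread, as an added example that is not part of the original messages and not OpenLDAP code: a small Python model of authz-regexp style rewriting that shows access following the mapped DN whether or not an entry exists for it. The realm `EXAMPLE.COM`, the suffix `dc=example,dc=com`, the ACL table, the entry set and the default access level are constructed assumptions.

```python
import re

# Constructed rules in slapd authz-regexp style: (match, replace); "$1" is group 1.
RULES = [
    (r"uid=([^,]+),cn=EXAMPLE\.COM,cn=[^,]+,cn=auth",
     "uid=$1,ou=People,dc=example,dc=com"),
]
# Constructed ACL subjects and directory contents (assumptions for this sketch).
ACL_BY_DN = {"uid=turbo,ou=people,dc=example,dc=com": "write"}
ENTRIES = {"uid=alice,ou=people,dc=example,dc=com"}
DEFAULT_ACCESS = "read"  # what an identity with no specific ACL gets here


def map_identity(authc_dn, rules=RULES):
    """Rewrite a SASL authentication DN; the first matching rule wins."""
    for match, replace in rules:
        m = re.fullmatch(match, authc_dn, re.IGNORECASE)
        if m:
            # Turn slapd-style $N into Python's \g<N> before expanding.
            return m.expand(re.sub(r"\$(\d)", r"\\g<\1>", replace))
    return authc_dn  # no rule matched: identity stays in its cn=auth form


def audit(authc_dn):
    """Report what the mapped DN can do; the entry lookup is informational."""
    authz_dn = map_identity(authc_dn)
    key = authz_dn.lower()  # DNs compare case-insensitively in this model
    return {
        "authz_dn": authz_dn,
        "entry_exists": key in ENTRIES,  # never consulted by the mapping
        "access": ACL_BY_DN.get(key, DEFAULT_ACCESS),
        # Privileged DN with no backing entry: worth a look during ACL review.
        "review": key in ACL_BY_DN and key not in ENTRIES,
    }


if __name__ == "__main__":
    for who in ("turbo", "alice"):
        print(audit(f"uid={who},cn=EXAMPLE.COM,cn=gssapi,cn=auth"))
```
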
