[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Auth access for search-based mappings?
- To: openldap-technical@openldap.org
- Subject: Auth access for search-based mappings?
- From: Jaap Winius <jwinius@umrk.nl>
- Date: Fri, 15 Jan 2010 20:14:54 +0100
- Content-disposition: inline
- User-agent: Internet Messaging Program (IMP) H3 (4.1.5)
Hi folks,
Today I've been using my OpenLDAP v2.4.11 lab setup, the config for
which includes MIT Kerberos V, SASL and GSSAPI, to experiment with
this feature:
15.2.6. Search-based mappings
http://www.openldap.org/doc/admin24/sasl.html#Search-based mappings
It doesn't seem to difficult, but it's not really working for me
either. In particular, I can't get slapd to search beyond the first of
several authz-regexp statements, as shown in the "more complex site"
example. Then I noticed this statement at the very end of the section:
"Note as well that authz-regexp internal search are subject
to access controls. Specifically, the authentication identity
must have auth access."
It sounds important, but I'm not sure what to do with it. Does it mean
all users need auth access to the entire DIT? I tried that, but to no
avail.
Can someone please explain?
Thanks,
Jaap