Re: authz-regexp matches twice on same dse (ITS#4698)
Pierangelo Masarati wrote:
> I don't see an error in OpenLDAP software here. authz regexp matching is
> designed to succeed only if the identity is univocally resolved to exactly one
> DN. I'm afraid I cannot even imagine how slapd could decide to pick one out
> of many DNs when authenticating a user; I guess no one else can.
Matched DNs are unique, as they are describing the same entry:
"(|(cn=works)(uid=works))" and "(|(cn=worksalso)(uid=worksalso))" matching
either attribute, whereas "(|(cn=works)(uid=works))" matches twice, but
describes the same object.
ldapsearching for "(|(cn=fails)(uid=fails))" will also return only the one
and unique entry "uid=fails,dc=example,dc=org".