[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with GSSAPI problem



Quoting "Howard Chu" <hyc@highlandsun.com>:

> As I already stated - saslRegexp mapping is a purely optional step.

I find this a very theoretical statement. True, but not in 'the real' world.

Why would you authenticate, if there's no need for it? You need this mapping
to be able to do ACL/ACI checking, and that's the only reason for authenticating
in the first place... If you don't need to check if you have access to something/
anything, there's no need to authenticate.. ?

Unless you use a ACL/ACI like 'by users ...' that is.