
Re: authz-regexp without SASL



Hallvard B Furuseth wrote:
authz-regexp (OpenLDAP 2.3) seems to only work for SASL.
I note it was called sasl-regexp before.  Will it be changed
to work for Simple Bind?  Its manpage section says it should
work in general, though it mostly talks about SASL.
E.g.
  authz-regexp "^.*" "uid=hbf,cn=people,dc=uio,dc=no"
does not let anyone log in with my password and access:-)

It was never intended to do that. Proxy Authorization allows users to log in with their own password, and obtain the authorization of another user. Note that authz-regexp only takes effect when Proxy Authorization is being performed. I don't believe it is legal to use the Proxy Authorization control with Bind requests, although I agree that it could be useful. Pretty sure we debated this a while back.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support