[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Getting LDAP and SASL (digest-md5) to play nice

Michael Ströder skrev, on 07-03-2008 11:41:

You need one more attribute there, an operational attribute that you can add with ldapmodify: authzTo.

No, the authzTo attribute has nothing to do with mapping a SASL identity to a LDAP entry DN!

It is used for specifying the set of possible authz-DNs for a specific authc-DN when proxy authorization control is sent along with a LDAP request by this identity. This is a totally different thing.

Funnily enough this is what I use it for ...



Tony Earnshaw
Email: tonni at hetnet dot nl