Re: Problem with back-ldap and slapo-rwn

[Howard Chu <hyc@symas.com>]

Torsten Schlabach (Tascel eG) wrote:
> Hi!
>
>   >  It works this way:
>
> [...]
>
> Ok. But in the very case, it's actually not the client who would want to
> read the authzTo attribute, but Server B. Server B tries to decide if a
> specific user who authenticated is allowed to assume the authorization
> of a different user. For that reason, Server B tries to read the authzTo
> attribute of the user object. That user object lives on Server A and
> does not have an authzTo attribute but only a saslAuthzTo attribute, due
> to the fact that the name of that internal attribute changed between 2.2
> and 2.3.

Why not just patch the 2.2 server to include authzTo as an alias of the 
saslAuthzTo attribute?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/