[Date Prev][Date Next] [Chronological] [Thread] [Top]

by users in <WHO> field


I have some doubts about ACLs containing "by users" and the term
"authenticated clients" used in the man pages: If I bind with SASL/EXTERNAL
(e.g. over LDAPI) and the authc-DN does *not* map to an authz-DN of a real
directory entry what does "by users" then mean exactly?

It seems that slapd grants access with clause "by users" but I feel this is
wrong. I'd prefer if "users" would mean fully-identified clients mapped to a
real entry.

I saw that slapd.access(5) also mentions "realusers" for the <WHO> field but
using this instead of "users" makes no difference.

Ciao, Michael.