[Date Prev][Date Next]
by users in <WHO> field
- To: openldap-software@OpenLDAP.org
- Subject: by users in <WHO> field
- From: Michael Ströder <email@example.com>
- Date: Thu, 01 Apr 2010 17:49:31 +0200
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:184.108.40.206) Gecko/20100317 Lightning/1.0b1 SeaMonkey/2.0.4
I have some doubts about ACLs containing "by users" and the term
"authenticated clients" used in the man pages: If I bind with SASL/EXTERNAL
(e.g. over LDAPI) and the authc-DN does *not* map to an authz-DN of a real
directory entry what does "by users" then mean exactly?
It seems that slapd grants access with clause "by users" but I feel this is
wrong. I'd prefer if "users" would mean fully-identified clients mapped to a
I saw that slapd.access(5) also mentions "realusers" for the <WHO> field but
using this instead of "users" makes no difference.