[Date Prev][Date Next] [Chronological] [Thread] [Top]

Auth access for search-based mappings?

Hi folks,

Today I've been using my OpenLDAP v2.4.11 lab setup, the config for which includes MIT Kerberos V, SASL and GSSAPI, to experiment with this feature:

   15.2.6. Search-based mappings
   http://www.openldap.org/doc/admin24/sasl.html#Search-based mappings

It doesn't seem to difficult, but it's not really working for me either. In particular, I can't get slapd to search beyond the first of several authz-regexp statements, as shown in the "more complex site" example. Then I noticed this statement at the very end of the section:

   "Note as well that authz-regexp internal search are subject
   to access controls. Specifically, the authentication identity
   must have auth access."

It sounds important, but I'm not sure what to do with it. Does it mean all users need auth access to the entire DIT? I tried that, but to no avail.

Can someone please explain?