[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ACLs



> Until the SaslRegExp directive gets used, SASL identities
> have no relation to
> user dn's. uid=steve may be able to write to userPassword under
> "uid=steve,ou=People,dc=sprinter,dc=org", but ldappasswd while being
> authenticated as this identity will result in a error. Using
> SASL/GSSAPI will
> make this statement pointless, but there may be cases when an
> actual dn is
> desired. Such as using the dnattr ACL directive.

Indeed. But for me it's working now. Users who authenticate with SASL now
get write or read permissions on the things they should. Although it would
be nice if there was a real relation between the two. :) When will the
saslregexp directive be generally available? In 2.1?

Grtz,
	Eon.