> Hi,
> with OpenLDAP-2.3.11 it seems that sasl authentication with external
> mechanism via ldapi is flawed.

No, it is correct in 2.3. It was wrong in 2.2.
Notice that when normalized on the server, the gidNumber comes before the uidNumber.

,----
| dieter@rubin:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth
| Result: Success (0)
`----
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
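The reordering shown in the ldapwhoami output above matters to anything that matches the peercred identity as a string, because the client-side and server-side spellings differ. This added example (not part of the original message and not OpenLDAP code) compares the two forms order-insensitively; the function names are hypothetical, and sorting the AVAs of a multi-valued RDN by attribute type is an assumption chosen to reproduce the output quoted above.

```python
import re

PEERCRED_SUFFIX = "cn=peercred,cn=external,cn=auth"


def _split(text, sep):
    # Split on separators that are not backslash-escaped.
    return re.split(r"(?<!\\)" + re.escape(sep), text)


def parse_dn(dn):
    """Return a list of RDNs, each a list of (type, value) AVAs sorted by type."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):
            attr, _, value = ava.partition("=")
            avas.append((attr.strip(), value.strip()))
        # Assumption: ordering by attribute type, matching the dn: line above.
        rdns.append(sorted(avas, key=lambda av: (av[0].lower(), av[1])))
    return rdns


def normalize_dn(dn):
    """Rebuild the DN with the AVAs of each multi-valued RDN in sorted order."""
    return ",".join("+".join(f"{a}={v}" for a, v in rdn) for rdn in parse_dn(dn))


def peercred_ids(dn):
    """Return (uid, gid) for an ldapi peercred identity, or None if it is not one."""
    rdns = parse_dn(dn)
    suffix = ",".join(f"{a}={v}" for rdn in rdns[1:] for a, v in rdn)
    if not rdns or suffix.lower() != PEERCRED_SUFFIX:
        return None
    avas = {a.lower(): v for a, v in rdns[0]}
    if set(avas) != {"uidnumber", "gidnumber"} or len(rdns[0]) != 2:
        return None
    if not all(v.isdigit() for v in avas.values()):
        return None
    return int(avas["uidnumber"]), int(avas["gidnumber"])


if __name__ == "__main__":
    # The two identity strings are taken from the ldapwhoami output in the message.
    client = "uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth"
    server = "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth"
    print(normalize_dn(client) == server, peercred_ids(client))
```

A mapping rule or access check written against the `uidNumber=...+gidNumber=...` spelling should be tested against the normalized `dn:` form the server reports.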