Thanks, Howard; I think I'm beginning to understand this.
So, the AUTHENTICATION piece is done by SASL using digest_md5, an 'external' connection to TLS, etc. But the AUTHORIZATION piece is handled by the rules defined in the access control policy section of slapd.conf, right?
Thanks
tl
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/