[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: rwm and sasl authz
On Thursday 24 July 2008 19:07:38 Pierangelo Masarati wrote:
> Yes, it is a known issue. When slapo-rwm was first designed, however, it
> could only be stacked on top of a database, so it would have been bypassed
> by SASL bind anyway.
Would that still be the case if internal auxprop authentication was used? In
that case I think that a SASL bind would result in an internal search op
being performed. The problem then on the slapo-rwm level is how to
distinguish between the search performed in order to complete the SASL bind
and other searches.
> However, it is not clear (to me) why one should
> rewrite a DN resulting from a authz-regexp instead of directly modifying
> the authz-regexp in the first place.
The downside of using authz-regexp is that it seems you cannot assign a
variable with the '${&&name(value)}' syntax and make it available to the
other rewrite contexts using '${**name}'. If authz-regexp was somehow
integrated with slapo-rwm then there wouldn't be a problem.