https://bugs.openldap.org/show_bug.cgi?id=9657
--- Comment #5 from Ondřej Kuzník ondra@mistotebe.net ---
On Mon, Aug 30, 2021 at 04:49:56PM +0000, openldap-its@openldap.org wrote:
> and the whole purpose of olcAuthzRegexp is to rewrite the username.
> SASL has to find the user's entry
> Simple bind does not have to find the user’s entry?
I would note that the purpose of olcAuthzRegexp is to locate the right identity (entry), not just do username rewriting. If that entry belongs to a database with configured ACLs, those apply to give the admin a chance to control this part of the authentication+authorization process.
If you want to improve the existing documentation, please help review ITS#9256 which, sadly, has been on hold for a while. And maybe propose tweaks/additions to the admin guide, that would be much appreciated.
Thanks,