--- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Mon, May 04, 2020 at 11:14:41PM +0000, openldap-its(a)openldap.org wrote:
> Created attachment 727
> Patch massaging the SASL binding requirement docs
>
> While some ACL requirements for SASL binding are documented, some are not.
> E.g., that olcAuthzRegexp requires =x on objectClass when direct DN mapping is
> not documented. Other requirements can be reasoned out based on the existing
> documentation, but this can be very difficult when unfamiliar with all the
> moving parts and the places they are documented. E.g. knowing that
> (objectClass=*) is the default filter, and that there's _always_ _some_ filter,
> and connecting this with ACLs required to do search-based SASL mapping.
>
> The attached patch brings all the SASL binding requirements together in one
> place in the docs and makes everything explicit. The word "SASL" is included,
> for those searching for that keyword.

Thanks for taking the time to improve the documentation. I have a few

"depending on the SASL mechanism in use." Why not say something like "if
authz-regexp remapping is in place"?

Maybe keep the slapd.conf->cn=config changes to a separate commit.

In the paragraph "Some internal operations...", not sure such sweeping
changes are really needed, maybe just saying the default filter is equal
to objectclass=* if not specified would simplify and clarify that part?