--- Comment #2 from Karl O. Pinc <kop(a)karlpinc.com> ---
(In reply to Howard Chu from comment #1)
(In reply to Karl O. Pinc from comment #0)
> E.g. knowing that
> (objectClass=*) is the default filter, and that there's _always_ _some_
This is fundamental to LDAP. Everyone administering slapd should already
That's as may be, but someone doing their first installation may not have it in
their mind or be immediately aware of all the implications. It is easy to
forget; ldapsearch does not require a filter be specified.
Regardless, the authorization required for SASL binding is seemingly unrelated
to that required for simple binding. Simple binding does not require
authorization to the entry pseudo-attribute or the objectClass attribute, even
though some sort of search/lookup must be done internally. Anyone trying to
configure authorization for SASL binding based on their experience with simple
binding will be mislead, even if only doing direct DN mapping.
Being explicit about SASL authorization requirements goes a long way toward
reducing the effort involved in setting up SASL.
You are receiving this mail because:
You are on the CC list for the bug.