https://bugs.openldap.org/show_bug.cgi?id=9657
--- Comment #1 from Michael Ströder michael@stroeder.com ---
On 8/30/21 18:35, openldap-its@openldap.org wrote:
> This is inconsistent. SASL bind shall also request only AUTH access to the userPassword, just as SIMPLE BIND does.
Isn't that somewhat expected?
SASL has to find the user's entry and this requires at least auth access to the entry pseudo attribute.
Furthermore there are various password-less SASL mechs for which you might also want to have some authc access control, e.g. for temporarily deactivating authc.