https://bugs.openldap.org/show_bug.cgi?id=9256
--- Comment #9 from Karl O. Pinc kop@karlpinc.com --- On Mon, 18 May 2020 09:48:20 +0000 openldap-its@openldap.org wrote:
--- Comment #8 from Ondřej Kuzník ondra@mistotebe.net --- thanks for continuing to work on this. I've had a look at your latest patch. It looks better, now we need to make sure we nail down the explanation in all cases mentioned.
Running a quick check with authorization (idassert etc.) it seems a bit more complicated than described. Access looks to be checked with the credentials of the authenticated account, not anonymous. Have a look at the code or slapd (level acl) logs in scenarios like test014/028 to see what actually happens.
I'll take a look when I get a chance. Thanks for the help.