https://bugs.openldap.org/show_bug.cgi?id=8729
Ryan Tandy ryan@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME Status|UNCONFIRMED |RESOLVED
--- Comment #1 from Ryan Tandy ryan@openldap.org --- Hello, I'm afraid I can't reproduce this. I'm using OpenLDAP 2.4.47 and Heimdal on Debian buster.
I've configured slapd both as a server (allowing clients to authenticate using GSSAPI) and as a client (running a syncrepl client with GSSAPI bind). I have broken the setup in a bunch of different ways (removing slapd's credentials cache; stopping the KDC; entering wrong info in /etc/krb5.conf; deleting /etc/krb5.conf) and I have not seen it fail to respect my olcAuthzRegexp rules for EXTERNAL (tested ldapi: gidNumber/uidNumber as well as TLS client cert).
Marking WORKSFORME, but feel free to reopen if you can provide further info about your case. Thanks!