https://bugs.openldap.org/show_bug.cgi?id=9657
--- Comment #2 from dpa-openldap@aegee.org dpa-openldap@aegee.org ---
No, it is not expected. The expectation is to follow what the Guide suggests, and this is to grant auth privilege to anonymous only on the userPassword attribute. With the configuration
olcAuthzRegexp: uid=([^@,]+)(@aegee.org)?(,cn=aegee.org)?,cn=[^,]*,cn=auth uid=$1,ou=persons,o=AEGEE
I expect that the simple bind
ldapwhoami -x -D "uid=lui.veve;ou=persons;o=AEGEE" -w up1 -H ldap://localhost/
is in all matters identical to
ldapwhoami -Y LOGIN -U"lui.veve" -w up1 -H ldap://localhost/
and the whole purpose of olcAuthzRegexp is to rewrite the username.
SASL has to find the user's entry
Simple bind does not have to find the user’s entry?
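
Added example (not part of the original comment and not OpenLDAP code): a Python sketch of how the olcAuthzRegexp rule quoted in the comment would rewrite SASL authentication DNs of the form uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth. Python's unanchored re.search is assumed as a stand-in for slapd's regex matching, the helper name map_authn_dn is hypothetical, and the sample DNs are constructed.

```python
import re

# Pattern and replacement copied from the olcAuthzRegexp line in the comment.
AUTHZ_PATTERN = r"uid=([^@,]+)(@aegee.org)?(,cn=aegee.org)?,cn=[^,]*,cn=auth"
AUTHZ_REPLACEMENT = "uid=$1,ou=persons,o=AEGEE"


def map_authn_dn(authn_dn):
    """Return the DN the rule rewrites authn_dn to, or None if it does not match.

    Assumption: re.search approximates slapd's matching of the pattern
    against the SASL authentication DN.
    """
    m = re.search(AUTHZ_PATTERN, authn_dn)
    if m is None:
        return None
    # Expand $1..$9 in the replacement with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "",
                  AUTHZ_REPLACEMENT)


# Constructed sample authentication DNs (not taken from a real server).
SAMPLES = [
    "uid=lui.veve,cn=login,cn=auth",               # bare username, no realm
    "uid=lui.veve@aegee.org,cn=login,cn=auth",     # user@domain form
    "uid=lui.veve,cn=aegee.org,cn=plain,cn=auth",  # realm as its own RDN
    "uid=lui.veve@example.net,cn=login,cn=auth",   # other domain: no mapping
    # The "." in "aegee.org" is an unescaped regex wildcard, so this maps too;
    # writing it as "aegee\.org" in the rule would reject it.
    "uid=lui.veve@aegeexorg,cn=login,cn=auth",
]


def map_all(samples=SAMPLES):
    """Map every sample DN; returns {authn_dn: mapped_dn_or_None}."""
    return {dn: map_authn_dn(dn) for dn in samples}


if __name__ == "__main__":
    for dn, mapped in map_all().items():
        print(f"{dn!r:50} -> {mapped!r}")
```
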