Andrew Findlay wrote:

I was referring to documentation, where the only bit of the admin guide that really talks about proxy authorisation is the SASL section.

Ah, OK. Note that since some point in 2.3, authorization is described by a specific syntax http://www.openldap.org/faq/data/cache/1254.html, which should probably be advertised a bit more (and moved out from the experimental OID arc).

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: ando@sys-net.it -----------------------------------