On Wed, 29 Aug 2018 at 01:14:51 +0100, Howard Chu wrote: Thanks for the quick fix! Not sure why rc's value is preserved here but set to LDAP_INAPPROPRIATE_AUTH in all other failing cases, though. But that doesn't seem to matter beside debug logs now showing a return value other than 48, disclosing the actual reason of the failure; for instance <== slap_sasl_authorized: return 16 SASL Proxy Authorize [conn=1022]: proxy authorization disallowed (16) for a missing authTo under authz-policy "all". -- Guilhem.