On Wed, 29 Aug 2018 at 01:14:51 +0100, Howard Chu wrote:

Thanks for the report. Looks like this has been present since commit 113727ba. Fixed now in git master

Thanks for the quick fix! Not sure why rc's value is preserved here but set to LDAP_INAPPROPRIATE_AUTH in all other failing cases, though. But that doesn't seem to matter beside debug logs now showing a return value other than 48, disclosing the actual reason of the failure; for instance

<== slap_sasl_authorized: return 16 SASL Proxy Authorize [conn=1022]: proxy authorization disallowed (16)

for a missing authTo under authz-policy "all".