It works exactly as I had hoped. Thank you for implementing this, I =
believe it will be an asset to others besides myself.
This is now implemented in back-ldap (idassert-passthru, =
olcDbIDAssertPassThru, undocumented yet).
Basically, identities matching rules formally identical to those of =
idassert-authz=46rom do not undergo identity assertion. =20
This rule is checked before idassert-authzFrom, so in case an
matches both, passthru wins. Please test and report.