lemons_terry@emc.com wrote:
Thanks, Howard; I think I'm beginning to understand this.
So, the AUTHENTICATION piece is done by SASL using digest_md5, an 'external' connection to TLS, etc. But the AUTHORIZATION piece is handled by the rules defined in the access control policy section of slapd.conf, right?
Yes, basic principles of computer security. Authentication (who are you?) is distinct from Authorization (what are you allowed to do?).
Thanks tl