Michael Ströder wrote:
Gavin Henry wrote:
> Michael Ströder wrote:
>> I tried to migrate an existing server from 2.3.39 to 2.4.7 (or also
>> CVS RE24). I'm making use of authz-regexp to map user entries when
>> they do a SASL Bind with DIGEST-MD5. Also some ACLs are in effect.
>> This together used to work on 2.3.x with the existing ACLs.
>> With 2.4.7 this worked no longer. The user wasn't found. In the ACL
>> debug log I've noticed that access to the search root database entry
>> (suffix) is requested. When I explicitly grant auth access to this
>> entry it works. But why is that needed? Was this an intended change?
> Can you paste them?
I've prepared a simplified slapd.conf and a LDIF file (both attached)
for this particular migration issue.
As requested I've files an ITS for that: