I have some doubts about ACLs containing "by users" and the term
"authenticated clients" used in the man pages: If I bind with SASL/EXTERNAL
(e.g. over LDAPI) and the authc-DN does *not* map to an authz-DN of a real
directory entry what does "by users" then mean exactly?
It seems that slapd grants access with clause "by users" but I feel this is
wrong. I'd prefer if "users" would mean fully-identified clients mapped to
I saw that slapd.access(5) also mentions "realusers" for the <WHO> field
using this instead of "users" makes no difference.