Howard Chu wrote:
> access to attrs=userPassword
> by group="ou=Simple Bind" auth
> by * break
Not quite. "auth" operations are always anonymous.
It would need to be something like
access to dn.one="ou=Simple Bind" attrs=userPassword
by anonymous auth
> access to attrs=userPassword val.regex="^{SASL}.*"
> by * auth
Right. A set would allow to define a group of users allowed to simple
bind without physically placing them under that entry; something like
access to attrs=userPassword
by set="[ou=Simple Bind]/member & this" auth
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------