Turbo Fredriksson wrote:
"Buchan" == Buchan Milne bgmilne@staff.telkomsa.net writes:
Buchan> As such, the LDAP server wasn't even consulted about
Buchan> whether it knows anything about your account, only that it
Buchan> should map your SASL identity to a DN (that need not exist
Buchan> in the directory).
So what's the point of having {SASL} in the userPassword then?
No one ever said there was any point to it. Why are you using it if you don't understand what it's for?
And if it wasn't the sasl regexp, shouldn't my auth req DN be:
uid=turbo,cn=REALM,cn=sasl,cn=auth
And that DN doesn't have any special access, so how come I got full access to the object(s), and not the anonymous read access that I expected?
'only that it should map your SASL identity to a DN'... That's translated into a 'correct' DN by the sasl regexp - which worked... ?
From the sound of it, yes, the SASL regexp worked as it should.