Tony Earnshaw wrote:
> Michael Ströder wrote, on 07-03-2008 11:41:
>>> You need one more attribute there, an operational attribute that you can add with ldapmodify: authzTo.
>> No, the authzTo attribute has nothing to do with mapping a SASL identity to an LDAP entry DN!
>> It is used for specifying the set of possible authz-DNs for a specific authc-DN when proxy authorization control is sent along with an LDAP request by this identity. This is a totally different thing.
> Funnily enough this is what I use it for ...
But you definitely don't need it for SASL authc-DN mapping to authz-DN (user entry). So please don't give this wrong/misleading advice to someone who is just starting to get familiar with all this.
Ciao, Michael.