On Thursday 24 July 2008 19:07:38 Pierangelo Masarati wrote:
Yes, it is a known issue. When slapo-rwm was first designed, however, it could only be stacked on top of a database, so it would have been bypassed by SASL bind anyway.
Would that still be the case if internal auxprop authentication was used? In that case I think that a SASL bind would result in an internal search op being performed. The problem then on the slapo-rwm level is how to distinguish between the search performed in order to complete the SASL bind and other searches.
However, it is not clear (to me) why one should rewrite a DN resulting from a authz-regexp instead of directly modifying the authz-regexp in the first place.
The downside of using authz-regexp is that it seems you cannot assign a variable with the '${&&name(value)}' syntax and make it available to the other rewrite contexts using '${**name}'. If authz-regexp was somehow integrated with slapo-rwm then there wouldn't be a problem.