Torsten Schlabach (Tascel eG) wrote:
Hi!
It works this way:
[...]
Ok. But in this very case, it's actually not the client who would want to read the authzTo attribute, but Server B. Server B tries to decide if a specific user who authenticated is allowed to assume the authorization of a different user. For that reason, Server B tries to read the authzTo attribute of the user object. That user object lives on Server A and does not have an authzTo attribute but only a saslAuthzTo attribute, due to the fact that the name of that internal attribute changed between 2.2 and 2.3.
Why not just patch the 2.2 server to include authzTo as an alias of the saslAuthzTo attribute?