On 2/08/2023 12:34 am, David Hawes wrote:
> I created a dynacl a while back that does what I think Sean is looking for: use the SASL_AUTH_EXTERNAL property to allow auth access to userPassword. My original use case was to get rid of an IP whitelist and instead use TLS client auth to control what clients can perform a simple bind, but it can be used for pretty much any access you'd like.
>
> I've attached a simplified version of that dynacl that does away with instance-specific checks.
OMG. You may have just saved me months of work. Getting up that learning curve would definitely not be straightforward.
Thank you.