Hi folks,
Today I've been using my OpenLDAP v2.4.11 lab setup, the config for which includes MIT Kerberos V, SASL and GSSAPI, to experiment with this feature:
15.2.6. Search-based mappings http://www.openldap.org/doc/admin24/sasl.html#Search-based mappings
It doesn't seem too difficult, but it's not really working for me either. In particular, I can't get slapd to search beyond the first of several authz-regexp statements, as shown in the "more complex site" example. Then I noticed this statement at the very end of the section:
"Note as well that authz-regexp internal search are subject to access controls. Specifically, the authentication identity must have auth access."
It sounds important, but I'm not sure what to do with it. Does it mean all users need auth access to the entire DIT? I tried that, but to no avail.
Can someone please explain?
Thanks,
Jaap