Today I've been using my OpenLDAP v2.4.11 lab setup, the config for
which includes MIT Kerberos V, SASL and GSSAPI, to experiment with
15.2.6. Search-based mappings
It doesn't seem to difficult, but it's not really working for me
either. In particular, I can't get slapd to search beyond the first of
several authz-regexp statements, as shown in the "more complex site"
example. Then I noticed this statement at the very end of the section:
"Note as well that authz-regexp internal search are subject
to access controls. Specifically, the authentication identity
must have auth access."
It sounds important, but I'm not sure what to do with it. Does it mean
all users need auth access to the entire DIT? I tried that, but to no
Can someone please explain?