On 7/31/2023 9:10 AM, Howard Chu wrote:

The fact that the TLS session is already authenticated is irrelevant. Transport layer and Application layer are separate and independent. If a client wants to be authenticated on the LDAP layer it must request it.

Does the RFC explicitly authorize controlling access based on the client's IP address?
Does slapd allow controlling access based on the client's IP address?

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris