--On Tuesday, April 02, 2019 12:39 AM +0200 Patrik Lundin
What is the proper way to make sure only non-anonymous binds are allowed
to utilize idassert-bind credentials?
I had an extensive discussion with Howard about this today. Here's the
a) The FAQ is incorrect (I will fix this).
b) Pierangelo's email is correct
c) "dn:*" and "dn.regex=.*" are equivalent
d) The slapd-ldap man page needs to be fixed. I will file an ITS on this.
The idassert-authzFrom directive follows the same rules as described in the
slapd.conf(5) man page for authz-policy EXCEPT for it special casing "*" to
allow anonymous to work.
Hope that helps!
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: