-----Original Message----- From: Ferenc Wagner wferi@niif.hu
You do not "logon", you use external authentication, which means there's no separate BIND step, like with simple bind (-x) for example. External authentication is not done by slapd (hence its name; it's done by the kernel in the above case), thus slapd can't fail it. The only LDAP operation it sees is a search, and the authenticated DN (gidNumber=X+uidNumber=Y,...) is not authorized for that, so the result is "No such object". As ACLs belong to target objects, they are not suitable for forcing server disconnection as soon as the authenticated DN is known. Maybe LDAP doesn't even allow such behaviour.
Hi,
thank you for the clarification.
Stefan
openldap-technical@openldap.org