Howard Chu writes:
>Pierangelo Masarati wrote:
>>>> uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth
>>>> (...)
>>> But why aren't slapd's DN normalization routines being used here
>>> considering it is slapd which adds that?
> (...)
> slapd is hardcoded to generate DNs in this form for SASL/EXTERNAL over
> ldapi. It's been like this for a long time now, since release 2.2.13.

It doesn't work to use either that DN or gidnumber=0+uidnumber=0,... as rootdn in OpenLDAP 2.3.4, probably because rootdn does get normalized. A workaround is to rewrite it to the rootdn with authz-regexp.

--
Hallvard
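
The authz-regexp workaround mentioned above could look like this in slapd.conf. This is an added example, not part of the original message; the rootdn `cn=Manager,dc=example,dc=com` is a placeholder, and the pattern accepts both AVA orders on the assumption that either may be what the match is applied to, since the thread does not say.

```conf
# slapd.conf fragment (added example; the dc=example,dc=com DN is a placeholder)

# Reported above as not working on OpenLDAP 2.3.4: the peercred identity
# used directly as rootdn, in either AVA order.
#rootdn       "uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth"

# Workaround: keep an ordinary rootdn and rewrite the SASL/EXTERNAL
# identity seen over ldapi to it.
rootdn        "cn=Manager,dc=example,dc=com"

# [+] matches a literal plus sign without depending on how backslashes
# are handled inside a quoted slapd.conf argument.
# Both AVA orders are listed (assumption: the thread does not say which
# order the match sees). ^ and $ make the pattern match the whole
# identity only.
authz-regexp  "^(uidnumber=0[+]gidnumber=0|gidnumber=0[+]uidnumber=0),cn=peercred,cn=external,cn=auth$"
              "cn=Manager,dc=example,dc=com"
```

With this mapping, any local process that connects to the ldapi socket as uid 0 and gid 0 and binds with SASL/EXTERNAL is treated as the rootdn, so filesystem permissions on the socket are part of the directory's access control.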
