-----Original Message-----
From: Ferenc Wagner <[email protected]>

> You do not "logon", you use external authentication, which means there's
> no separate BIND step, like with simple bind (-x) for example. External
> authentication is not done by slapd (hence its name; it's done by the
> kernel in the above case), thus slapd can't fail it. The only LDAP
> operation it sees is a search, and the authenticated DN
> (gidNumber=X+uidNumber=Y,...) is not authorized for that, so the result
> is "No such object". As ACLs belong to target objects, they are not
> suitable for forcing server disconnection as soon as the authenticated
> DN is known. Maybe LDAP doesn't even allow such behaviour.
Hi,

thank you for the clarification.

Stefan
