Add note about "auth" access requirement for authz-regexp

author Kurt Zeilenga <kurt@openldap.org>

Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)
diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf

index c6c5f359bc94b0e412cd3d5975fdc162761b7545..00e2c4739ec5fcef13f0f03fe220b00ef252f4ec 100644 (file)
--- a/doc/guide/admin/sasl.sdf
+++ b/doc/guide/admin/sasl.sdf
@@ -483,6 +483,10 @@ Note that the explicitly-named realms are handled first, to avoid
  the realm name becoming part of the UID.  Also note the use of scope
  and filters to limit matching to desirable entries.
  
+Note as well that {{EX:authz-regexp}} internal search are subject
+to access controls.  Specifically, the authentication identity
+must have {{EX:auth}} access.
+
  See {{slapd.conf}}(5) for more detailed information.
author	Kurt Zeilenga <kurt@openldap.org>
	Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Tue, 27 Jun 2006 20:22:28 +0000 (20:22 +0000)