some notes on access required by proxyAuthz control;

author Pierangelo Masarati <ando@openldap.org>

Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)
author Pierangelo Masarati <ando@openldap.org>
Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5

index f2bbcde75b16201f4b9805142915d975eb4eef18..c01b7ce4babf94931b2d3240d848eac9435b5f08 100644 (file)
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -584,6 +584,25 @@ access to the attribute holding the referral information
  (generally the
  .B ref
  attribute).
+.LP
+Some
+.B controls
+require specific access privileges.
+The
+.B proxyAuthz
+control requires
+.B auth (=x)
+privileges on all the attributes that are present in the search filter
+of the URI regexp maps (the right-hand side of the
+.B sasl-regexp
+directives).
+It also requires
+.B auth (=x)
+privileges on the
+.B saslAuthzTo
+attribute of the authorizing identity and/or on the 
+.B saslAuthzFrom
+attribute of the authorized identity.
  .SH CAVEATS
  It is strongly recommended to explicitly use the most appropriate
  .BR <dnstyle> ,
author	Pierangelo Masarati <ando@openldap.org>
	Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Thu, 18 Dec 2003 00:27:01 +0000 (00:27 +0000)