From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 27 Jun 2006 20:22:28 +0000 (+0000)
Subject: Add note about "auth" access requirement for authz-regexp
X-Git-Tag: OPENLDAP_REL_ENG_2_4_3ALPHA~9^2~75
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=aac45b994e14dd31eecbcc442802034244e76c88;p=openldap

Add note about "auth" access requirement for authz-regexp
---

diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf
index c6c5f359bc..00e2c4739e 100644
--- a/doc/guide/admin/sasl.sdf
+++ b/doc/guide/admin/sasl.sdf
@@ -483,6 +483,10 @@ Note that the explicitly-named realms are handled first, to avoid
 the realm name becoming part of the UID.  Also note the use of scope
 and filters to limit matching to desirable entries.
 
+Note as well that {{EX:authz-regexp}} internal search are subject
+to access controls.  Specifically, the authentication identity
+must have {{EX:auth}} access.
+
 See {{slapd.conf}}(5) for more detailed information.