From aac45b994e14dd31eecbcc442802034244e76c88 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 27 Jun 2006 20:22:28 +0000
Subject: [PATCH] Add note about "auth" access requirement for authz-regexp

---
 doc/guide/admin/sasl.sdf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf
index c6c5f359bc..00e2c4739e 100644
--- a/doc/guide/admin/sasl.sdf
+++ b/doc/guide/admin/sasl.sdf
@@ -483,6 +483,10 @@ Note that the explicitly-named realms are handled first, to avoid
 the realm name becoming part of the UID.  Also note the use of scope
 and filters to limit matching to desirable entries.
 
+Note as well that {{EX:authz-regexp}} internal search are subject
+to access controls.  Specifically, the authentication identity
+must have {{EX:auth}} access.
+
 See {{slapd.conf}}(5) for more detailed information.
 
 
-- 
2.39.5