Fixed test033-glue-syncrepl overlay detection (ITS#4544)
Documentation
Fixed slapd(8) logging header reference (ITS#4509)
+ Clarified slapd.conf(5) "disable bind_anon" feature
OpenLDAP 2.3.21 Release
Fixed libldap referral chasing issue (ITS#4448)
* unauthenticated, and
* user/password authenticated.
-Anonymous access is obtained by providing no name and no password
-to the "simple" bind operation. Unauthenticated access is obtained
-by providing a name but no password. Authenticated access is obtain
-by providing a valid name and password.
+Anonymous access is requested by providing no name and no password
+to the "simple" bind operation. Unauthenticated access is requested
+by providing a name but no password. Authenticated access is
+requested by providing a valid name and password.
An anonymous bind results in an {{anonymous}} authorization
association. Anonymous bind mechanism is enabled by default, but
can be disabled by specifying "{{EX:disallow bind_anon}}" in
-{{slapd.conf}}(5).
+{{slapd.conf}}(5). Note that disabling the anonymous bind mechanism
+does not prevent anonymous access to the directory. To require
+authentication to access the directory, one should instead
+specify "{{EX:require authc}}".
An unauthenticated bind also results in an {{anonymous}} authorization
association. Unauthenticated bind mechanism is disabled by default,
Specify a set of features (separated by white space) to
disallow (default none).
.B bind_anon
-disables acceptance of anonymous bind requests.
+disables acceptance of anonymous bind requests. Note that this setting
+does not prohibit anonymous directory access (See "require authc").
.B bind_simple
disables simple (bind) authentication.
.B tls_2_anon