olcAuthzRegexp

[gburd]

Name and Version

symas/openldap:2.6.6-debian-11-r7

What is the problem this feature will solve?

To keep the setup working with LDAP_CONFIG_ADMIN_DN and ldapi in a more integrated way in libopenldap.sh.

What is the feature you are proposing to solve the problem?

Consider using olcAuthzRegexp rather than what's there today.

What alternatives have you considered?

What's there now works; this depends on how you set up rootDN on other DBs.

[gburd]

There are some embedded intentions in how "admins" are set up and handled in OpenLDAP, depending on what exactly they are (and as the maintainer, we have to make the decisions, potentially deciphering what Bitnami's intentions/design might have been), we might be better server by olcAuthzRegexp (man slapd-config)

[mistotebe]

The way this issue is set up I don't think I can meaningfully contribute until you have some understanding of man slapd.access and how olcAuthzRegexp fits into how slapd does authentication/authorization.

[mistotebe]

Hopefully the context of this issue is this:

there might be better ways of dealing with admins and authorization and how it can be encoded in the config in a succinct way, hopefully, depends on what you're actually trying to accomplish