Add comment about LDAP failing if identity is specified

author Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)

committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)
author Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)
committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap

index cdf5ea2cedbbf45e3c8f79a28a0e18d197d36024..da83190cff3e14ec831e475f02fbffd9f1b5a80e 100644 (file)
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -52,7 +52,8 @@ ldap {
         #
         #  identity::  Administrator account for searching and possibly modifying.
         #
-       #  WARNING: If using SASL + KRB5 these should be commented out.
+       #  WARNING: If using SASL + (KRB5 | EXTERNAL) identity should be commented out
+       #  as it will set an authzid, which is likely not what you want.
         #
  #      identity = 'cn=admin,dc=example,dc=org'
author	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)
committer	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Tue, 11 Jul 2023 07:10:20 +0000 (01:10 -0600)