From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 17 Jun 2019 14:50:13 +0000 (+0000)
Subject: ITS#9003
X-Git-Tag: OPENLDAP_REL_ENG_2_4_50~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=468c8ee2d5da809256fc774c6e69297a6b073112;p=thirdparty%2Fopenldap.git

ITS#9003

Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy
---

diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5
index 88cffbe94b..410db8c604 100644
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -203,14 +203,16 @@ if defined, selects what
 identities are authorized to exploit the identity assertion feature.
 The string
 .B <authz-regexp>
-follows the rules defined for the
+mostly follows the rules defined for the
 .I authzFrom
 attribute.
 See 
 .BR slapd.conf (5),
 section related to
 .BR authz\-policy ,
-for details on the syntax of this field.
+for details on the syntax of this field.  This parameter differs from
+the documented behavior in relation to the meaning of *, which in this
+case allows anonymous rather than denies.
 
 .HP
 .hy 0