From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Tue, 11 Jul 2023 07:10:20 +0000 (-0600)
Subject: Add comment about LDAP failing if identity is specified
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a34ae93ceb6045cf2ca26fc0aeb6092b2370b61c;p=thirdparty%2Ffreeradius-server.git

Add comment about LDAP failing if identity is specified
---

diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index cdf5ea2cedb..da83190cff3 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -52,7 +52,8 @@ ldap {
 	#
 	#  identity::  Administrator account for searching and possibly modifying.
 	#
-	#  WARNING: If using SASL + KRB5 these should be commented out.
+	#  WARNING: If using SASL + (KRB5 | EXTERNAL) identity should be commented out
+	#  as it will set an authzid, which is likely not what you want.
 	#
 #	identity = 'cn=admin,dc=example,dc=org'