[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6642) back-meta idassert with SASL EXTERNAL ignoring parameters

To: openldap-its@OpenLDAP.org
Subject: (ITS#6642) back-meta idassert with SASL EXTERNAL ignoring parameters
From: mgaupp@googlemail.com
Date: Wed, 8 Sep 2010 14:59:46 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Manuel Gaupp
Version: 2.4.23
OS: Linux 2.6/x86
URL: 
Submission from: (NULL) (93.222.169.203)


Hi,

as described in 
http://www.openldap.org/lists/openldap-technical/201009/msg00073.html
using SASL EXTERNAL authentication within back-meta is not possible without the
workaround to set some LDAPTLS_... environment variables.

In http://www.openldap.org/lists/openldap-technical/201009/msg00085.html it is
mentioned, that back-meta ignores the tls_... parameters for SASL EXTERNAL
auth.

I used the following configuration
-------------------------------------------------
database meta
suffix "dc=example"

uri "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=sasl
             saslmech=EXTERNAL
             tls_cert=mycert.crt
             tls_key=mycert.key
             tls_cacert=trusted-ca.pem
             mode=none
-------------------------------------------------

At least, the options tls_cert,tls_key and tls_cacert should work properly to
authenticate with TLS certificates.

Thanks in advance

Manuel Gaupp

Prev by Date: Re: (ITS#6548) Many "connection_read(): no connection!" warnings when using ldapi:/// and a bind DN (no external authentication)
Next by Date: (ITS#6643) back-meta silently retries anonymously in case of idassert with auth method not supported
Index(es):
- Chronological
- Thread