[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI+kerberos5+TLS to Active Directory



> 2. Now loading a server side certificate authority on AD and attempting a
 >> TLS start I observe the following:
 >>     a. SASL auth doesn't work in this mode I assume because AD doesn't
 > >support an EXTERNAL SASL mechanism?

 >Correct, no SASL EXTERNAL. However, SASL GSSAPI works, but you need to
 >disable the privacy and intergity protecion on the SASL layer
(sasl_ssf=0).

 Disabling privacy and integrity protection? Can I do this via the -O switch
 with Ldapsearch, or is this a compile-time option?