>> 2. Now loading a server side certificate authority on AD and attempting a
>> TLS start I observe the following:
>> a. SASL auth doesn't work in this mode I assume because AD doesn't
>> support an EXTERNAL SASL mechanism?
> Correct, no SASL EXTERNAL. However, SASL GSSAPI works, but you need to
> disable the privacy and integrity protection on the SASL layer (sasl_ssf=0).
Disabling privacy and integrity protection? Can I do this via the -O switch with Ldapsearch, or is this a compile-time option?
-O maxssf=0 or SASL_SECPROPS in ldap.conf
--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH
Wilhelmstr. 106
72074 Tübingen
Germany
phone: +49 7071 29 70336
fax: +49 7071 29 5114
email: norbert.klasen@daasi.de
web: http://www.daasi.de