I'm looking for the best way to lay in a PKI infrastructure for client
certificates on top of LDAP, EXCLUDING Kerberos. The Admin Guide - Using
TLS, the FAQs, and http://www.bayour.com/LDAPv3-HOWTO.html
(which is Kerberos-centric) have been my main sources. It seems to me
SASL EXTERNAL should give me what I need. I've gotten this far:

Testing simple/anonymous bind
    GSSAPI, DIGEST-MD5, & CRAM-MD5
Testing simple/anonymous bind w/ SSL/TLS
    Both SSL & TLS respond w/ PLAIN, LOGIN in addition to above
Testing simple/user bind w/ SSL/TLS
    Can't pass through the LDAP/PEM prompts

Am I missing something here or is there a better alternative to
SASL? I've been unable to find anything with good SASL EXTERNAL,
cert storage, authentication, steps and example where the cert is
driving all authentication out of LDAP.
Curtis