Re: overlay chain [RESOLVED]
----- "Emmanuel Dreyfus" <manu@netbsd.org> wrote:
>
> So here is the overlay chain configuration that works using x509
> certificates for authentication to the LDAP master (binddn is still both
> mandatory and ignored)
>
> overlay chain
> chain-uri ldaps://ldapmaster.example.net
> chain-idassert-bind bindmethod=sasl
>     saslmech=EXTERNAL
>     binddn="cn=dontcare"
>     tls_cert=/etc/openssl/certs/ldapslave1.crt
>     tls_key=/etc/openssl/private/ldapslave1.key
>     tls_cacert=/etc/openssl/certs/ca.crt
>     tls_reqcert=demand
>     mode=self
> chain-idassert-authzFrom "*"
> chain-return-error TRUE
Did you chalk this up on the FAQ?
Thanks.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry@OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
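
Added example, not part of the original thread or of OpenLDAP: a small Python check that folds slapd.conf continuation lines and audits the TLS client settings of the chain overlay configuration quoted above. The function names `logical_lines` and `audit_chain` are hypothetical, the sample is constructed from the quoted configuration, and `starttls=critical` is assumed as the accepted alternative to an `ldaps://` URI.

```python
import shlex
# Constructed sample in slapd.conf syntax, mirroring the configuration quoted above.
SAMPLE = '''\
overlay chain
chain-uri ldaps://ldapmaster.example.net
chain-idassert-bind bindmethod=sasl
    saslmech=EXTERNAL
    binddn="cn=dontcare"
    tls_cert=/etc/openssl/certs/ldapslave1.crt
    tls_key=/etc/openssl/private/ldapslave1.key
    tls_cacert=/etc/openssl/certs/ca.crt
    tls_reqcert=demand
    mode=self
chain-idassert-authzFrom "*"
chain-return-error TRUE
'''

def logical_lines(text):
    """Fold continuation lines (leading whitespace) into the directive they extend."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_chain(text):
    """Return findings about how the chain overlay connects and binds to the master."""
    uri, bind = "", {}
    for line in logical_lines(text):
        words = shlex.split(line)
        if words[0].lower() == "chain-uri":
            uri = words[1]
        elif words[0].lower() == "chain-idassert-bind":
            bind = dict(w.split("=", 1) for w in words[1:] if "=" in w)
    findings = []
    encrypted = uri.lower().startswith("ldaps://") or bind.get("starttls") == "critical"
    if not encrypted:
        findings.append("chain-uri is not ldaps:// and starttls is not critical")
    if bind.get("tls_reqcert") != "demand":
        findings.append("tls_reqcert is not set to demand in chain-idassert-bind")
    if "tls_cacert" not in bind and "tls_cacertdir" not in bind:
        findings.append("no tls_cacert or tls_cacertdir set in chain-idassert-bind")
    if bind.get("saslmech", "").upper() == "EXTERNAL" and not {"tls_cert", "tls_key"} <= bind.keys():
        findings.append("saslmech=EXTERNAL without both tls_cert and tls_key")
    return findings
```

`audit_chain(SAMPLE)` returns an empty list for the quoted configuration. If the continuation lines lose their leading whitespace, the TLS parameters are no longer read as part of `chain-idassert-bind` and the check reports them as missing.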