ldaprc with ldaps:// and ldap:// fallback
Hello
I would like to set up an ldaprc so that an application uses:
- a localhost-based slapd without authentication (just relying on
filesystem permissions on the slapd socket)
- if it is not available, a remote slapd, authenticating using a client
certificate
Here is the desired ldaprc:
BASE dc=example,dc=net
URI ldapi:/// ldaps://ldap.example.net
TLS_CACERT /etc/openssl/ca.crt
TLS_CERT /etc/openssl/host.crt
TLS_KEY /etc/openssl/host.key
SASL_MECH EXTERNAL
TLS_REQCERT demand
Of course it will not work, as the ldapi:/// connection will present a
certificate. I have the feeling the setup I am looking for cannot be
configured. Is that right?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org