[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldaprc with ldaps:// and ldap:// fallback



Emmanuel Dreyfus wrote:
> Dieter Kluenter <dieter@dkluenter.de> wrote:
> 
>> No, ldapi:/// doesn't present a certificate, but you may establish a
>> startTLS session to ldapi:///, in this case the client requests a
>> server certificate.
> 
> Let me rephrase: I would like to specify two LDAP servers in ldaprc 
> - one ldapi:/// with anonymous bind
> - one ldaps:// with SASL EXTERNAL for and required server certificate
> 
> It seems to me it is not possible.

Why not use SASL/EXTERNAL in both cases and let slapd map SASL authc-DN to the
same authz-DN?

Ciao, Michael.