[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldaprc with ldaps:// and ldap:// fallback

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: ldaprc with ldaps:// and ldap:// fallback
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 24 Jun 2010 14:09:05 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <1jklaf5.1qzfmh7c9rxpiM%manu@netbsd.org>
References: <1jklaf5.1qzfmh7c9rxpiM%manu@netbsd.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100504 Lightning/1.0b1 SeaMonkey/2.0.5

Emmanuel Dreyfus wrote:
> Dieter Kluenter <dieter@dkluenter.de> wrote:
> 
>> No, ldapi:/// doesn't present a certificate, but you may establish a
>> startTLS session to ldapi:///, in this case the client requests a
>> server certificate.
> 
> Let me rephrase: I would like to specify two LDAP servers in ldaprc 
> - one ldapi:/// with anonymous bind
> - one ldaps:// with SASL EXTERNAL for and required server certificate
> 
> It seems to me it is not possible.

Why not use SASL/EXTERNAL in both cases and let slapd map SASL authc-DN to the
same authz-DN?

Ciao, Michael.

References:
- Re: ldaprc with ldaps:// and ldap:// fallback
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Windows 7 users's authentication with openldap ?
Next by Date: Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
Index(es):
- Chronological
- Thread