Dan White <dwhite@olp.net> wrote: > You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred, > i.e.: > > authz-regexp > ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth" > ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1) That sounds nice, but will it works with the "TLS_REQCERT demand" I have for ldaps:// ? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org