[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldaprc with ldaps:// and ldap:// fallback
manu@netbsd.org (Emmanuel Dreyfus) writes:
> Dieter Kluenter <dieter@dkluenter.de> wrote:
>
>> No, ldapi:/// doesn't present a certificate, but you may establish a
>> startTLS session to ldapi:///, in this case the client requests a
>> server certificate.
>
> Let me rephrase: I would like to specify two LDAP servers in ldaprc
> - one ldapi:/// with anonymous bind
> - one ldaps:// with SASL EXTERNAL for and required server certificate
>
> It seems to me it is not possible.
This can be achieved by ACL's, man slapd.access(5),
access to ... by sockname=...
access to .. by tls_ssf=...
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6