
Re: ldaprc with ldaps:// and ldap:// fallback



Emmanuel Dreyfus wrote:
> Dan White <dwhite@olp.net> wrote:
> 
>> You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred,
>> i.e.:
>>
>> authz-regexp
>>    ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
>>    ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
> 
> That sounds nice, but will it work with the "TLS_REQCERT demand" I have
> for ldaps:// ?

It's simply not needed for ldapi:/// if the client sends a
SASL/EXTERNAL bind request.

Ciao, Michael.
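
The `authz-regexp` rule quoted above, emulated in Python as an added example (not code from the thread or from OpenLDAP): it shows which search the rule produces for an ldapi:/// peercred identity and that other identities fall through. Python's `re` stands in for slapd's regex engine, the unanchored case-insensitive match is an assumption, and the sample DNs are constructed.

```python
import re

# Rule as quoted in the thread: match pattern and replacement URL.
MATCH = r".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
REPLACE = "ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)"


def map_authc_dn(authc_dn, match=MATCH, replace=REPLACE):
    """Return the rewritten search URL, or None when the rule does not apply."""
    # Assumption: unanchored, case-insensitive match, as a stand-in for slapd.
    m = re.search(match, authc_dn, flags=re.IGNORECASE)
    if m is None:
        return None
    # Expand $1..$9 with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)


def parse_search_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, filter)."""
    prefix = "ldap:///"
    if not url.startswith(prefix):
        raise ValueError("not a host-less LDAP URL: %r" % url)
    parts = url[len(prefix):].split("?", 3)
    parts += [""] * (4 - len(parts))  # pad missing trailing components
    base, _attrs, scope, flt = parts
    return base, scope, flt


if __name__ == "__main__":
    samples = [
        # Constructed: identity of a local process (uid 1000, gid 100)
        # that bound with SASL/EXTERNAL over ldapi:///.
        "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth",
        # Constructed: a DN without the cn=peercred suffix.
        "cn=alice,ou=People,dc=example,dc=net",
    ]
    for dn in samples:
        url = map_authc_dn(dn)
        if url is None:
            print("%s -> rule does not apply" % dn)
        else:
            print("%s -> base=%s scope=%s filter=%s" % ((dn,) + parse_search_url(url)))
```
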