Re: ldaprc with ldaps:// and ldap:// fallback
Emmanuel Dreyfus wrote:
> Dan White <dwhite@olp.net> wrote:
>
>> You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred,
>> i.e.:
>>
>> authz-regexp
>> ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
>> ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
>
> That sounds nice, but will it work with the "TLS_REQCERT demand" I have
> for ldaps:// ?
It's simply not needed for ldapi:/// if the client sends a
SASL/EXTERNAL bind request.
Ciao, Michael.
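
The identity mapping discussed in this thread, traced offline as an added example that is not part of the original posts or of OpenLDAP: it applies the quoted authz-regexp rule to the authentication DN that a SASL EXTERNAL bind over ldapi:/// produces from the socket's peer credentials, then resolves the resulting one-level search. Assumptions: the `gidNumber=...+uidNumber=...` DN form and the "exactly one entry" rule follow the OpenLDAP Admin Guide's description, case-insensitive matching is assumed, and the directory entries are constructed sample data.

```python
import re

# Rule quoted in the thread (slapd authz-regexp: match pattern, then replacement).
MATCH = r".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
REPLACE = "ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)"

# Constructed sample directory; these entries are assumptions, not from the thread.
DIRECTORY = [
    {"dn": "uid=alice,ou=People,dc=example,dc=net", "uidNumber": "1000"},
    {"dn": "uid=bob,ou=People,dc=example,dc=net", "uidNumber": "1001"},
    {"dn": "uid=svc,ou=Daemons,ou=People,dc=example,dc=net", "uidNumber": "2000"},
]


def peercred_dn(uid, gid):
    """Authentication DN derived from the Unix socket peer credentials."""
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def rewrite(authc_dn):
    """Apply the rule; return the search URL, or None when it does not match."""
    m = re.search(MATCH, authc_dn, re.IGNORECASE)  # assumption: case-insensitive
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), REPLACE)


def parse_url(url):
    """Split ldap:///base?attrs?scope?filter into base, scope and filter."""
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    return base, scope, flt


def map_identity(authc_dn, directory=DIRECTORY):
    """Return the DN the connection ends up bound as (simplified model)."""
    url = rewrite(authc_dn)
    if url is None:
        return authc_dn
    base, scope, flt = parse_url(url)
    if scope != "one":
        raise NotImplementedError("only the thread's one-level scope is modelled")
    attr, value = re.fullmatch(r"\((\w+)=([^)]*)\)", flt).groups()
    hits = [e["dn"] for e in directory
            if e.get(attr) == value
            # scope "one": only entries immediately below the search base
            and e["dn"].split(",", 1)[1].lower() == base.lower()]
    # Only a search that finds exactly one entry yields a mapped identity.
    return hits[0] if len(hits) == 1 else authc_dn
```

A local uid with no single matching entry directly under ou=People (root, or the constructed `svc` account in a sub-container) keeps its `cn=peercred` DN, so ACLs written against People entries do not apply to it.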