[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd-meta idassert with SASL EXTERNAL not working correctly
- To: Dan White <dwhite@olp.net>
- Subject: Re: slapd-meta idassert with SASL EXTERNAL not working correctly
- From: Manuel Gaupp <mgaupp@googlemail.com>
- Date: Wed, 8 Sep 2010 16:47:06 +0200
- Cc: openldap-technical@openldap.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=Gj+fQdhUW33fsz//YcaCDq5Lg7xEX2mieT4rxiywDTY=; b=xee4eEJU/5w+E6dkFvl/ybxiz4b6V7nqeTkBi2IhhNS3B23DCvnYB+1ls2egArjQVm Dxt0NCew3Pwm8dJnhef+APcispW4DaecpXd3w/IOVUk773pcMFpRAbVvZ9QYNvo8M12T T4VaJEV9InawfeEiA2unZGuhdk9ZvockJRoUE=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=F5oI1RZf2gDzdFgDBKwGGEo5sc0wUjL5c+98AdpEL4ih7+PTFQSNK5msiBiVcAmQZ3 7nRuDsLVPPlvo3yczemNeUkMLVQp/otF7FF/tVdNxYlNjjFBCxJ5jA5gpnLiCHohyreq SZ8m6tey+g6U3BZ2xfDIjfRmv4HiWBGTFO6jE=
- In-reply-to: <20100908141452.GA3297@dan.olp.net>
- References: <AANLkTik-8Fe+xWzeCqdhJi7vuYZLu71Co8ovnoma7QPB@mail.gmail.com> <20100908141452.GA3297@dan.olp.net>
> What setting do you have for TLSVerifyClient on the server side? According
> 16.2.1.8 of the Administrator's Guide, you'll need a non-default setting
> for the server to ask for the client certificate.
>
> Also, have you attempted to perform a bind using the client utilities, to
> rule out any problems with the server config?
The server that back-meta connects to is configured to "try" TLS authentication.
I also tested the authentication using the client utilities, which succeeded.
Apparently, the tls options I'm using are ignored by back-meta (see
the previous message).
Nevertheless, setting the LDAPTLS_... environment variables for slapd
seems to be a possible workaround for this problem.
--
Manuel Gaupp