(ITS#6642) back-meta idassert with SASL EXTERNAL ignoring parameters



Full_Name: Manuel Gaupp
Version: 2.4.23
OS: Linux 2.6/x86
URL: 
Submission from: (NULL) (93.222.169.203)


Hi,

as described in 
http://www.openldap.org/lists/openldap-technical/201009/msg00073.html
using SASL EXTERNAL authentication within back-meta is not possible without the
workaround of setting some LDAPTLS_... environment variables.

In http://www.openldap.org/lists/openldap-technical/201009/msg00085.html it is
mentioned that back-meta ignores the tls_... parameters for SASL EXTERNAL
auth.

I used the following configuration:
-------------------------------------------------
database meta
suffix "dc=example"

uri "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=sasl
             saslmech=EXTERNAL
             tls_cert=mycert.crt
             tls_key=mycert.key
             tls_cacert=trusted-ca.pem
             mode=none
-------------------------------------------------

At least the options tls_cert, tls_key and tls_cacert should work properly to
authenticate with TLS certificates.

Thanks in advance

Manuel Gaupp