ldaprc with ldaps:// and ldap:// fallback



Hello

I would like to set up an ldaprc so that an application uses:
- a localhost-based slapd without authentication (just relying on
filesystem permissions on the slapd socket)
- if it is not available, a remote slapd, authenticating using a client
certificate

Here is the desired ldaprc:
BASE            dc=example,dc=net
URI             ldapi:/// ldaps://ldap.example.net
TLS_CACERT      /etc/openssl/ca.crt
TLS_CERT        /etc/openssl/host.crt
TLS_KEY         /etc/openssl/host.key
SASL_MECH       EXTERNAL
TLS_REQCERT     demand

Of course it will not work, as the ldapi:/// connection will present a
certificate. I have the feeling the setup I am looking for cannot be
configured. Is that right?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org