[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldaprc with ldaps:// and ldap:// fallback

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: ldaprc with ldaps:// and ldap:// fallback
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 25 Jun 2010 12:15:47 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <1jkm2z9.1acspej1rfg3b4M%manu@netbsd.org>
References: <1jkm2z9.1acspej1rfg3b4M%manu@netbsd.org>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100504 Lightning/1.0b1 SeaMonkey/2.0.5

Emmanuel Dreyfus wrote:
> Dan White <dwhite@olp.net> wrote:
> 
>> You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred,
>> i.e.:
>>
>> authz-regexp
>>    ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
>>    ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
> 
> That sounds nice, but will it works with the "TLS_REQCERT demand" I have
> for ldaps:// ?

It's simply not needed for ldapi:/// if the client sends a
SASL/EXTERNAL bind request.

Ciao, Michael.

References:
- Re: ldaprc with ldaps:// and ldap:// fallback
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: Windows 7 users's authentication with openldap ?
Next by Date: RE: Can password-hash be database specific? also, storing and verifying cleartext passwords
Index(es):
- Chronological
- Thread