[Date Prev][Date Next] [Chronological] [Thread] [Top]


The problem is slightly different: the tls_* parameters of idassert are
ignored unless TLS is started for other reasons.  I believe back-meta
needs to automatically start TLS for those connections created by idassert
when idassert requires TLS for authentication.  You can work this around
by setting

tls start

this forces TLS to be started on all connections (tls try-start will fall
back to non-TLS if it cannot be started).

I note that there is an asymmetry between back-ldap and back-meta: the
former allows to configure specific tls_* parameters for the "tls"

However, also back-ldap seems to require the "tls" statement to honor
EXTERNAL TLS-based idassert.