[Date Prev][Date Next]
Re: LDAPS (LDAP over SSL) client authentication
Luke Howard wrote:
> What about doing a SASL bind with a mechanism other than EXTERNAL, over SSL?
> Can I use that to set an alternate authorization identity too?
Yes, at least in Netscape Directory Server. Any Bind (except for
a few special cases) sets the subsequent authorization identity,
regardless of what happened during SSL session negotiation.
There are some relevant Internet Drafts:
<draft-ietf-ldapext-ldapv3-tls-02.txt> section 6
I tried to conform to these (actually previous versions of them),
when implementing LDAPS for Netscape.