[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SUMMARY Re: client certificates -- howto?


Dieter Kluenter <dieter@dkluenter.de> writes:

> Jeff Warnica <jeffw@chebucto.ns.ca> writes:
>> After finishing up the summary I have a few questions:
>> 1) Why isnt ldapwhoami converting "0.9.2342.19200300.100.1.1" to
>>    "uid"?
> don't know
>> 2) Why is the SSF 0?
> Because slapd is not aware of the security strength factor of an
> external certificate, but there is a tls_ssf, see man slapd.access
>> 3) Is there a .ldaprc directive to use the sasl EXTERNAL mech all the
>> time?
> See man ldap.conf
> would to the trick.

that was a shortsighted answer :-(
the external mechanism can only be activated using the -Z flag,
i.e. the "SASL_MECH EXTERNAL" directive is not working,yet, as there
is no ldap_start_tls flag in ldap.conf, yet :-(


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de