[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapi security level?

Hallvard B Furuseth wrote:

You have to use SASL/EXTERNAL.

Eh?  Simple Bind is secure enough if the LDAP connection (if ldapi
can be called a connection) is secure.

Ah yes, I suppose so. And yes, ldapi uses a "connection" by any sense of the word. The fact that the connection is over a Unix Domain socket doesn't make that any less true.

How do I use SASL/EXTERNAL with ldapi?

"ldapsearch -H ldapi:// -Y EXTERNAL" generally works for me. Don't bother trying this on Windows; only Unix Domain sockets are supported.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support