[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL EXTERNAL with URLs other than ldapi://

On Thu, 10 Feb 2005, Jan-Piet Mens wrote:

On Thu Feb 10 2005 at 15:38:43 CET, Rodolfo Broco Manin wrote:

This may be a silly question, but... how can I use SASL's "EXTERNAL"
mechamism with OpenLDAP over network connections (ldap:// and ldaps://
URLs)?  Here at my site I can see "supportedSASLMechanisms: EXTERNAL"
only when connecting via a ldapi:// URL.
(It's not available using TLS or SSL)
# ldapsearch -x -Z -H ldap://localhost -b "" -LLL -s base

Try forcing TLS with another -Z or using ldaps://localhost

$ ldapsearch -x -ZZ -H ldap://localhost -b "" -LLL -s base

$ ldapsearch -x -H ldaps://localhost -b "" -LLL -s base

You need to setup a client certificate. I assume your server is properly configured for TLS. See http://www.openldap.org/doc/admin22/tls.html for more.