[Date Prev][Date Next]
Re: SASL EXTERNAL with URLs other than ldapi://
On Thu, 10 Feb 2005, Jan-Piet Mens wrote:
On Thu Feb 10 2005 at 15:38:43 CET, Rodolfo Broco Manin wrote:
This may be a silly question, but... how can I use SASL's "EXTERNAL"
mechamism with OpenLDAP over network connections (ldap:// and ldaps://
URLs)? Here at my site I can see "supportedSASLMechanisms: EXTERNAL"
only when connecting via a ldapi:// URL.
(It's not available using TLS or SSL)
# ldapsearch -x -Z -H ldap://localhost -b "" -LLL -s base
Try forcing TLS with another -Z or using ldaps://localhost
$ ldapsearch -x -ZZ -H ldap://localhost -b "" -LLL -s base
$ ldapsearch -x -H ldaps://localhost -b "" -LLL -s base
You need to setup a client certificate. I assume your server is properly
configured for TLS. See http://www.openldap.org/doc/admin22/tls.html for