[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-meta idassert with SASL EXTERNAL not working correctly

On 08/09/10 08:55 +0200, Manuel Gaupp wrote:

I'm trying to set up OpenLDAP as a Proxy for multiple LDAP servers
using slapd-meta.
The remote servers require SASL EXTERNAL authentication, so I have to
configure TLS client auth.

The relevant part of my slapd.conf looks like this:
database meta
suffix "dc=example"

uri "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=sasl

Starting slapd with this config results in anonymous authentication
against "server2", even though I configured the idassert-bind to use
SASL EXTERNAL with the given keys/certs.

What setting do you have for TLSVerifyClient on the server side? According of the Administrator's Guide, you'll need a non-default setting
for the server to ask for the client certificate.

Also, have you attempted to perform a bind using the client utilities, to
rule out any problems with the server config?

Dan White