Re: Forcing TLS, but keep working SASL authentication

----- Original Message -----
> From: "Wiebe Cazemier" <wiebe@halfgaar.net>
> To: "Dan White" <dwhite@olp.net>
> Cc: openldap-technical@openldap.org
> Sent: Friday, 4 January, 2013 1:22:23 PM
> Subject: Re: Forcing TLS, but keep working SASL authentication
> So even if you set tls=0 on olcDatabase={0}config,cn=config, you need
> that authz-regexp? Because I just set tls=0, and "-Y EXTERNAL" over
> ldapi:/// is now complaining about requiring TLS again.
> Unfortunately, I'm pretty new to LDAP, so I don't know how to define
> that authz-regexp. I don't what a regex is, of course, I just don't
> know what to tell the LDAP server...

As an addendum, I just did this:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1

And that seems to have the desired effect. I can still run commands like:

ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config

But trying to bind with "ldapsearch -xLLL -b ..." without SSL says: "TLS confidentiality required"
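
The message above puts the TLS requirement on the data database ({1}hdb) rather than on the config database, so cn=config stays reachable over ldapi:/// with SASL EXTERNAL while plain ldap:// clients are refused. As an added example (not from this thread or the OpenLDAP project), here is a small Python audit that takes the LDIF a `ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcDatabase=*)" olcSecurity` query would return and reports which databases carry an olcSecurity `tls` factor. The LDIF dump embedded below is constructed for the example; the database entries and values in it are made up, not captured from a real server.

```python
"""Audit which databases in an OpenLDAP cn=config dump enforce TLS.

Added example, not from the mailing-list thread. It parses LDIF as returned
by ldapsearch and reports the olcSecurity factors per olcDatabase entry.
"""
import re

# Constructed sample output, as if from:
#   ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(olcDatabase=*)" olcSecurity
# The entries and values are made up for this example. The last entry uses
# LDIF line folding (continuation line starting with one space) on purpose.
SAMPLE_DUMP = """\
dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend

dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcSecurity: tls=1

dn: olcDatabase={2}hdb,cn=config
olcDatabase: {2}hdb
olcSecurity: ssf=128 update_s
 sf=256
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lowercased attr -> [values].

    Handles LDIF line folding (a newline followed by a single space joins
    with the previous line), comment lines and blank-line entry separators.
    Base64 (::) and URL (:<) values are not needed here and are kept verbatim.
    """
    unfolded = re.sub(r"\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def parse_security(values):
    """Turn olcSecurity values such as 'tls=1 ssf=128' into {factor: int}."""
    factors = {}
    for value in values:
        for token in value.split():
            name, _, level = token.partition("=")
            factors[name] = int(level)
    return factors


def audit(ldif_text):
    """Map each olcDatabase DN to its olcSecurity factors ({} if none are set)."""
    report = {}
    for entry in parse_ldif(ldif_text):
        if "olcdatabase" not in entry:
            continue
        dn = entry.get("dn", [""])[0]
        report[dn] = parse_security(entry.get("olcsecurity", []))
    return report


def databases_without_tls(ldif_text):
    """DNs whose olcSecurity does not set tls>=1.

    Only the 'tls' factor is counted: 'ssf' can also be satisfied by a SASL
    security layer, so a database with only ssf set is listed here and the
    caller can look at audit() to see what it does require.
    """
    return [dn for dn, factors in audit(ldif_text).items()
            if factors.get("tls", 0) < 1]


if __name__ == "__main__":
    for dn, factors in audit(SAMPLE_DUMP).items():
        print(f"{dn}: {factors or 'no olcSecurity'}")
    print("no TLS requirement:", databases_without_tls(SAMPLE_DUMP))
```

Run against a real dump, the list from `databases_without_tls` is the set of databases that still accept cleartext simple binds and searches; for the thread's setup the expectation is that {1}hdb is absent from it while {0}config (reached over ldapi:///) is present.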