Full_Name: Manuel Gaupp
Version: 2.4.23
OS: Linux 2.6/x86
URL:
Submission from: (NULL) (93.222.169.203)

Hi,
As described in http://www.openldap.org/lists/openldap-technical/201009/msg00073.html, using SASL EXTERNAL authentication within back-meta is not possible without the workaround of setting some LDAPTLS_... environment variables.
In http://www.openldap.org/lists/openldap-technical/201009/msg00085.html it is mentioned that back-meta ignores the tls_... parameters for SASL EXTERNAL auth.
I used the following configuration
-------------------------------------------------
database meta
suffix "dc=example"
uri "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=mycert.crt
    tls_key=mycert.key
    tls_cacert=trusted-ca.pem
    mode=none
-------------------------------------------------
At least the options tls_cert, tls_key and tls_cacert should work properly to authenticate with TLS certificates.
Thanks in advance
Manuel Gaupp