https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #3 from sean@teletech.com.au --- (In reply to Quanah Gibson-Mount from comment #1)
Pretty much everything in this report is incorrect and is not how things function. I suggest reading the slapd.conf(5) man page in better detail.
This is not helpful. I have put a lot of detail into the report. A little detail in the reply is not unreasonable. I reject the assertion that "everything" is incorrect.
I would note that the EXTERNAL SASL mechanism has nothing to do with cyrus-sasl.
cyrus-sasl decides if EXTERNAL will be offered. That's something.
An olcSecurity: tls=X would mandate TLS encryption on the connection, i.e., it would apply to simply binds as well as SASL mechanisms.
Yes, I didn't read that paragraph very carefully. I was trying to work out how slapd got the ssf for TLS and mistakenly thought that was it. I had to read the code more to find the calls to openssl. sorry.