Adam Brandizzi brandizzi2@gmail.com wrote:
Is it possible to configure slurpd for authenticating on its slave slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to use a specific X.509 certificate?
I use it roughly that way:
TLSCertificateFile /etc/openssl/certs/cert.crt
TLSCertificateKeyFile /etc/openssl/private/cert.key
TLSCACertificateFile /etc/openssl/certs/cacert.crt
TLSVerifyClient allow

sasl-secprops none
authz-regexp "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
        "cn=slurpd,dc=example,dc=net"

database bdb
suffix "dc=example,dc=net"
directory /var/openldap/openldap-data
index objectClass pres,eq
updatedn "cn=slurpd,dc=example,dc=net"
updateref ldaps://ldapmaster.example.net

access to attrs=userPassword
        by anonymous auth
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * none

access to *
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * read
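
A consistency check for the slave configuration above, as an added example that is not part of the original reply: it verifies that a certificate subject DN is mapped by authz-regexp to the updatedn, and that each ACL gives that DN write access. The function names, the simplified ACL reading (only dn.exact and * by-clauses) and the use of Python's re as a stand-in for slapd's regex matching are assumptions.

```python
import re
import shlex
# Constructed input: the replication-related lines of the slave config above.
SLAPD_CONF = '''\
authz-regexp "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
        "cn=slurpd,dc=example,dc=net"
updatedn "cn=slurpd,dc=example,dc=net"
access to attrs=userPassword
        by anonymous auth
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * none
access to *
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * read
'''

def directives(conf):
    """Join continuation lines (leading whitespace) and tokenize each directive."""
    logical = []
    for line in conf.splitlines():
        if line[:1].isspace() and logical:
            logical[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            logical.append(line.strip())
    return [shlex.split(entry) for entry in logical]

def map_subject(conf, subject_dn):
    """DN the first matching authz-regexp rule yields for a certificate subject."""
    # Assumption: whole-DN, case-insensitive match; Python's re approximates slapd.
    for d in directives(conf):
        if d[0].lower() == "authz-regexp" and (m := re.fullmatch(d[1], subject_dn, re.I)):
            return m.expand(re.sub(r"\$(\d)", r"\\g<\1>", d[2]))
    return None

def check_replication_identity(conf, subject_dn):
    """List of problems, empty if consistent. Only dn.exact and * by-clauses are read."""
    ds = directives(conf)
    updatedn = next((d[1] for d in ds if d[0].lower() == "updatedn"), "")
    who = "dn.exact=" + updatedn.lower()
    mapped = map_subject(conf, subject_dn)
    problems = []
    if mapped is None or mapped.lower() != updatedn.lower():
        problems.append(f"subject maps to {mapped!r}, updatedn is {updatedn!r}")
    for d in (d for d in ds if d[0].lower() == "access"):
        level = next((d[i + 2] for i, t in enumerate(d[:-2]) if t == "by"
                      and d[i + 1].lower() in ("*", who)), "none")
        if level != "write":
            problems.append(f"updatedn gets {level!r} on {d[2]!r}")
    return problems
```

Pass the subject DN of the certificate slurpd presents as subject_dn; a non-empty result names the directive where the replication identity does not line up.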