manu@netbsd.org (Emmanuel Dreyfus) writes:
> Dieter Kluenter <dieter@dkluenter.de> wrote:
>> No, ldapi:/// doesn't present a certificate, but you may establish a startTLS session to ldapi:///, in this case the client requests a server certificate.
> Let me rephrase: I would like to specify two LDAP servers in ldaprc
> - one ldapi:/// with anonymous bind
> - one ldaps:// with SASL EXTERNAL for and required server certificate
> It seems to me it is not possible.

This can be achieved by ACLs, man slapd.access(5),

access to ... by sockname=...
access to .. by tls_ssf=...

-Dieter
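
An added illustration of the slapd.access(5) approach suggested in the reply above; it is not part of the original message. It shows a slapd.conf fragment in which the socket path, the suffix and the SSF threshold are assumed values chosen for the example:

```conf
# Example only: the ldapi socket path, the suffix dc=example,dc=com and
# the SSF value 128 are assumptions, not values from the thread.
#
# Evaluation order matters: within one "access to" directive the first
# matching "by" clause decides, so the trailing "by * none" denies
# everything that is neither the local socket nor a strong TLS session.
#
# 1st clause: connections that arrived on the local ldapi:/// listener
#             (identified by the listener's socket name) may read,
#             even when bound anonymously.
# 2nd clause: connections whose TLS layer has a security strength factor
#             of at least 128 (ldaps:// or StartTLS) may read.
# 3rd clause: any other connection gets no access.
access to dn.subtree="dc=example,dc=com"
    by sockname.exact="PATH=/var/run/ldapi" read
    by tls_ssf=128 read
    by * none
```

The `tls_ssf` clause constrains only the strength of the TLS layer as seen by the server; whether the client verifies the server certificate is still decided on the client side, for example by `TLS_REQCERT` in ldap.conf(5).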