Emmanuel Dreyfus wrote:
Dieter Kluenter dieter@dkluenter.de wrote:
No, ldapi:/// doesn't present a certificate, but you may establish a startTLS session to ldapi:///, in this case the client requests a server certificate.
Let me rephrase: I would like to specify two LDAP servers in ldaprc
- one ldapi:/// with anonymous bind
- one ldaps:// with SASL EXTERNAL for and required server certificate
It seems to me it is not possible.
Why not use SASL/EXTERNAL in both cases and let slapd map SASL authc-DN to the same authz-DN?
Ciao, Michael.