----- Original Message -----
From: "Wiebe Cazemier" wiebe@halfgaar.net
To: "Dan White" dwhite@olp.net
Cc: openldap-technical@openldap.org
Sent: Friday, 4 January, 2013 1:22:23 PM
Subject: Re: Forcing TLS, but keep working SASL authentication

So even if you set tls=0 on olcDatabase={0}config,cn=config, you need that authz-regexp? Because I just set tls=0, and "-Y EXTERNAL" over ldapi:/// is now complaining about requiring TLS again.
Unfortunately, I'm pretty new to LDAP, so I don't know how to define that authz-regexp. I don't what a regex is, of course, I just don't know what to tell the LDAP server...
As an addendum, I just did this:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1

And that seems to have the desired effect. I can still run commands like:
ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config
But trying to bind with "ldapsearch -xLLL -b ..." without SSL says: "TLS confidentiality required"