Dan White dwhite@olp.net wrote:
You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred, i.e.:
authz-regexp ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth" ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
That works fine.