Re: ldaprc with ldaps:// and ldap:// fallback

24 Jun 2010


      On 24/06/10 11:57 +0200, Emmanuel Dreyfus wrote:
...
Dieter Kluenter dieter@dkluenter.de wrote:
...
No, ldapi:/// doesn't present a certificate, but you may establish a
startTLS session to ldapi:///, in this case the client requests a
server certificate.
Let me rephrase: I would like to specify two LDAP servers in ldaprc

one ldapi:/// with anonymous bind
one ldaps:// with SASL EXTERNAL for and required server certificate

It seems to me it is not possible.
You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred,
i.e.:
authz-regexp
   ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
   ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
-- 
Dan White

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: ldaprc with ldaps:// and ldap:// fallback