--On Monday, January 13, 2020 9:57 PM +0100 Dieter Klünter dieter@dkluenter.de wrote:
> If authz-regexp is set correctly, it should be:
> ldapwhoami -Y EXTERNAL -H ldapi:///
They specifically said they were trying to talk to an AD server with SASL/EXTERNAL.
Last I checked:
a) AD does not run on Linux
b) AD does not support ldapi:/// since that requires a unix socket
c) AD does not support authz-regexp
Their only option would be for certificate authentication, which would require them to then get the appropriate certs issued from the AD administrators, etc, and assuming the AD server actually is configured to allow cert authentication.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com