Re: slapd-meta idassert with SASL EXTERNAL not working correctly

What setting do you have for TLSVerifyClient on the server side? According 16.2.1.8 of the Administrator's Guide, you'll need a non-default setting for the server to ask for the client certificate.

Also, have you attempted to perform a bind using the client utilities, to rule out any problems with the server config?

The server that back-meta connects to is configured to "try" TLS authentication. I also tested the authentication using the client utilities, which succeeded.

Apparently, the tls options I'm using are ignored by back-meta (see the previous message).

Nevertheless, setting the LDAPTLS_... environment variables for slapd seems to be a possible workaround for this problem.