Hi,
I'm trying to set up OpenLDAP as a proxy for multiple LDAP servers using slapd-meta. The remote servers require SASL EXTERNAL authentication, so I have to configure TLS client auth.
The relevant part of my slapd.conf looks like this:
database        meta
suffix          "dc=example"
uri             "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind   bindmethod=sasl saslmech=EXTERNAL
                tls_cert=mycert.crt
                tls_key=mycert.key
                tls_cacert=trusted-ca.pem
                mode=none
Add

    tls start

here to request TLS to be established on connections (see slapd-meta(5) for details). I think this should be implicitly enabled by idassert-bind when it requires TLS (or at least its need should be documented).
p.
openldap-technical@openldap.org
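The following is an added example, not code from either message above or from the OpenLDAP project: it embeds the poster's slapd-meta target twice, once as posted and once with the `tls start` line the reply suggests, placed after the `uri` line because in slapd.conf the `tls` directive (like `idassert-bind`) applies to the target whose `uri` precedes it. The `check_meta_tls` function is a small lint that walks each target of a `database meta` section and flags any whose `idassert-bind` uses `saslmech=EXTERNAL` but that has no `tls` directive, which is the gap the reply points out. The file names and URI are the poster's placeholders; the function name and output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): lint a slapd.conf "database meta"
# section for targets that bind with SASL EXTERNAL (TLS client auth) but
# never request TLS on the connection with a "tls" directive.

# Constructed sample: the target as posted, without "tls start".
WEAK_CONF='database meta
suffix "dc=example"
uri "ldaps://server2:636/cn=server2,dc=example"
idassert-authzFrom "dn:*"
idassert-bind bindmethod=sasl saslmech=EXTERNAL
    tls_cert=mycert.crt
    tls_key=mycert.key
    tls_cacert=trusted-ca.pem
    mode=none
'

# Constructed sample: the same target with the directive the reply suggests,
# placed after the uri line so it applies to that target.
FIXED_CONF="${WEAK_CONF}tls start
"

# check_meta_tls CONF
# Prints "missing tls: <uri>" for each offending target; returns 0 when clean.
check_meta_tls() {
    printf '%s' "$1" | awk '
        # slapd.conf joins a line that starts with whitespace onto the
        # previous directive, so buffer lines and process them once complete.
        /^[ \t]/ { line = line " " $0; next }
        { if (line != "") process(line); line = $0 }
        END { if (line != "") process(line); flush(); exit bad ? 1 : 0 }

        # One directive (with its continuations) per call.
        function process(l,   f, u) {
            split(l, f, /[ \t]+/)
            if (f[1] == "uri") {
                flush()                      # report the previous target first
                u = f[2]; gsub(/"/, "", u)
                uri = u; external = 0; tls = 0
            } else if (f[1] == "idassert-bind" && l ~ /saslmech=EXTERNAL/) {
                external = 1
            } else if (f[1] == "tls") {
                tls = 1
            }
        }

        # Report the current target if it needs TLS but never requests it.
        function flush() {
            if (uri != "" && external && !tls) {
                print "missing tls: " uri
                bad++
            }
        }
    '
}

# Usage: run the lint over both samples.
echo "posted config:";  check_meta_tls "$WEAK_CONF"  || echo "  -> fix needed"
echo "fixed config:";   check_meta_tls "$FIXED_CONF" && echo "  -> ok"
```

Run against the posted configuration the lint names the `ldaps://server2:636/...` target and exits non-zero; with `tls start` added it exits zero. On a real slapd.conf with several `uri` lines it reports each offending target separately, since `tls` is evaluated per target.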