Trustin Lee wrote:
Thank you for your clarification! So there are two ways for users to authenticate themselves in a secure manner; one with LDAPS and the other with SASL, right?
Not quite. SASL is the generic authentication framework. It has various alternative mechanisms. One of them is SASL-EXTERNAL, which basically says 'get the authentication credentials from the transport layer' (SSL in this case). There are other SASL mechanisms, such as GSSAPI where the credentials come in the BIND PDU payload. So to perform cert-based auth to an LDAP server, you use both SSL and SASL.
