Is it possible to configure the server to perform non-certificate client authentication over SSL? I've found that I can only bind anonymously over SSL. For example, if I include the binddn and password as params to a command line ldapsearch, the connection fails with this error:
check_for_refs: new result: msgid 1, res_errno 49, res_error <80090308: LdapErr: DSID-0C090290, comment: AcceptSecurityContext error, data 525, v893>, res_matched <> The operation succeeds without the password (or also the binddn); this is true whether or not I have a client cert. The same non-SSL operation fails if no password is given.
