----- "Emmanuel Dreyfus" <[EMAIL PROTECTED]> wrote:
>
> So here is the overlay chain configuration that works using x509
> certificates for authentication to the LDAP master (binddn is still both
> mandatory and ignored)
>
> overlay chain
> chain-uri ldaps://ldapmaster.example.net
> chain-idassert-bind bindmethod=sasl
>         saslmech=EXTERNAL
>         binddn="cn=dontcare"
>         tls_cert=/etc/openssl/certs/ldapslave1.crt
>         tls_key=/etc/openssl/private/ldapslave1.key
>         tls_cacert=/etc/openssl/certs/ca.crt
>         tls_reqcert=demand
>         mode=self
> chain-idassert-authzFrom "*"
> chain-return-error TRUE

Did you chalk this up on the FAQ?

Thanks.

--
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E [EMAIL PROTECTED]

Community developed LDAP software.

http://www.openldap.org/project/
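
An added example, not part of either message and not OpenLDAP project code: a Python check that parses the quoted chain overlay directives (joining slapd.conf continuation lines) and flags settings that would weaken the certificate-authenticated link to the master. The function names `directives` and `audit_chain` and the policy they enforce are assumptions of this example; the sample text is constructed from the quoted configuration.

```python
import shlex
# Constructed sample: the directives quoted in the message above.
SAMPLE_CONF = """\
overlay chain
chain-uri ldaps://ldapmaster.example.net
chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=dontcare"
        tls_cert=/etc/openssl/certs/ldapslave1.crt
        tls_key=/etc/openssl/private/ldapslave1.key
        tls_cacert=/etc/openssl/certs/ca.crt
        tls_reqcert=demand
        mode=self
chain-idassert-authzFrom "*"
chain-return-error TRUE
"""

def directives(text):
    """Join slapd.conf continuation lines (leading whitespace), return argv lists."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [shlex.split(l) for l in logical if l and not l.startswith("#")]

def audit_chain(text):
    """Hypothetical policy check for the chain overlay's identity-assertion bind."""
    uri, bind, findings = "", None, []
    for argv in directives(text):
        if argv[0].lower() == "chain-uri" and len(argv) > 1:
            uri = argv[1]
        elif argv[0].lower() == "chain-idassert-bind":
            bind = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
    if bind is None:
        return ["no chain-idassert-bind directive"]
    if not uri.lower().startswith("ldaps://") and bind.get("starttls", "").lower() != "critical":
        findings.append("link to master is neither ldaps:// nor starttls=critical")
    if bind.get("saslmech", "").upper() == "EXTERNAL":
        findings += [f"saslmech=EXTERNAL without {k}" for k in ("tls_cert", "tls_key") if k not in bind]
    if "binddn" not in bind:  # the message notes binddn is mandatory even though ignored
        findings.append("binddn missing")
    if bind.get("tls_reqcert", "").lower() in ("", "never", "allow", "try"):
        findings.append("tls_reqcert unset or weaker than demand")
    return findings

if __name__ == "__main__":
    print(audit_chain(SAMPLE_CONF) or "no findings")
```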