Emmanuel Dreyfus wrote: > Dieter Kluenter <die...@dkluenter.de> wrote: > >> No, ldapi:/// doesn't present a certificate, but you may establish a >> startTLS session to ldapi:///, in this case the client requests a >> server certificate. > > Let me rephrase: I would like to specify two LDAP servers in ldaprc > - one ldapi:/// with anonymous bind > - one ldaps:// with SASL EXTERNAL for and required server certificate > > It seems to me it is not possible.
Why not use SASL/EXTERNAL in both cases and let slapd map SASL authc-DN to the same authz-DN? Ciao, Michael.