Dan White <[email protected]> wrote: > Try: > > TLS_REQCERT: try > > In this case, EXTERNAL should only be offered after successful TLS > negotiation, or over a unix domain socket. > > If TLS negotiation fails, then a SASL bind won't work without selecting > another mechanism.
But Idap.conf(5) says "The server certificate is requested. If no certificate is provided, the session proceeds normally. ", which suggests that the TLS negociation may succeed without a server certificate being sent. Is that wrong? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz [email protected]
