Emmanuel Dreyfus wrote:
> Dan White <[email protected]> wrote:
>
>> You could do SASL EXTERNAL over both, with ldapi:/// using Unix peercred,
>> i.e.:
>>
>> authz-regexp
>> ".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
>> ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)
>
> That sounds nice, but will it work with the "TLS_REQCERT demand" I have
> for ldaps:// ?

It's simply not needed for ldapi:/// if the client sends a SASL/EXTERNAL
bind request.

Ciao, Michael.
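
How the quoted authz-regexp rule turns the credentials of an ldapi:/// peer into a directory entry, as an added example that is not part of the original thread. The sample directory is constructed, `peercred_dn`, `rewrite` and `resolve` are hypothetical helper names, and the matching only approximates slapd (case-insensitive search, one-level scope).

```python
import re

# Rule quoted in the thread: match pattern and replacement search URL.
PATTERN = r".*uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
REPLACE = "ldap:///ou=People,dc=example,dc=net??one?(uidNumber=$1)"

# Constructed sample directory: (entry DN, uidNumber attribute).
DIRECTORY = [
    ("uid=alice,ou=People,dc=example,dc=net", "1000"),
    ("uid=bob,ou=People,dc=example,dc=net", "1001"),
    ("uid=bob2,ou=People,dc=example,dc=net", "1001"),         # duplicate uidNumber
    ("uid=svc,ou=Apps,ou=People,dc=example,dc=net", "1002"),  # below scope "one"
]

def peercred_dn(uid, gid):
    """SASL identity slapd derives from the Unix socket peer on EXTERNAL bind."""
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"

def rewrite(sasl_dn):
    """Apply the rule; return (base, scope, filter), or None if no match."""
    m = re.search(PATTERN, sasl_dn, re.IGNORECASE)
    if m is None:
        return None
    url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), REPLACE)
    # LDAP URL layout: ldap:///base?attrs?scope?filter
    parts = (url[len("ldap:///"):].split("?") + ["", "", ""])[:4]
    base, _attrs, scope, flt = parts
    return base, scope, flt

def resolve(sasl_dn):
    """Return the mapped entry DN; zero or several hits leave the DN unmapped."""
    target = rewrite(sasl_dn)
    if target is None:
        return sasl_dn
    base, _scope, flt = target
    want = re.fullmatch(r"\(uidNumber=(.*)\)", flt).group(1)
    # Scope "one": only direct children of the base are candidates.
    hits = [dn for dn, num in DIRECTORY
            if num == want and dn.split(",", 1)[1] == base]
    return hits[0] if len(hits) == 1 else sasl_dn

if __name__ == "__main__":
    for uid in (1000, 1001, 1002):
        print(uid, "->", resolve(peercred_dn(uid, 100)))
```

The identity comes from the kernel-reported peer credentials of the local socket, so no certificate is involved; the mapping is only as trustworthy as the uniqueness of `uidNumber` under the search base.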
