On 7 August 2017 at 11:37, Quanah Gibson-Mount <qua...@symas.com> wrote:
> --On Saturday, August 05, 2017 3:05 PM -0400 David Hawes <dha...@gmail.com>
> wrote:
>
>> With ITS #8568 [1], I notice that the first SASL EXTERNAL (using TLS
>> client auth) bind on a connection succeeds, but subsequent SASL
>> EXTERNAL binds on the same connection fail with:
>>
>> slapd[31088]: conn=1009 op=3 RESULT tag=97 err=48 text=SASL(-15):
>> mechanism too weak for this user: mech EXTERNAL is too weak
>
>
> Please file an ITS for this, thanks.  I would think the expected behavior
> for SASL/EXTERNAL is the SASL SSF matches the TLS SSF, given it's a TLS
> encrypted connection.
>

ITS filed:

http://www.openldap.org/its/index.cgi/Incoming?id=8708;selectid=8708

Reply via email to