Jordan Brown wrote:
> On 7/28/2023 7:32 AM, Howard Chu wrote:
>> Regardless. A session is either authenticated, meaning it has an identity
>> associated to it, or it is anonymous, meaning it has no identity associated
>> to it.
>> You can't have both at once. If you want an identity to be associated to the
>> session, you perform a Bind operation. End of story.
>
> A TLS session that requires a client certificate is authenticated, whether or
> not there's a bind operation. The question is whether the ACL subsystem can
> make use of that existing authentication - whether the TLS-level authenticated
> identity is automatically made available at the LDAP layer.

Repeating myself because you don't seem to read carefully: If you want an
identity to be associated to the session, you perform a Bind operation.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/