Hello,

We have a working setup with two mirror masters and two slaves:

  * Syncrepl uses a certificate on each node to fetch data, with an
    olcAuthzRegexp rule to map it to a DSA (simpleSecurityObject).
  * Client SSSD servers also use a dedicated certificate to authenticate on the
    slaves, with another olcAuthzRegexp to map them to a "per project" DSA.
  * We use different ACLs on the main db because some DSAs have privileged
    access to some branches.

We want to expose data on other subnets through proxies, and cyber asks us to
use OpenLDAP with back_ldap.

How should we configure them to use client certificate authentication to the
backend slaves?

Any thoughts appreciated
Regards
Jerome
