On Mon, 2 Aug 2010, Patrik Martinsson wrote:
ldap_tls_reqcert = demand ldap_tls_cacert = /etc/openldap/cacerts/CADOUBLE.cer ldap_tls_cacertdir = /etc/openldap/cacerts
I guess this doesn't work with GSSAPI SASL binding yet? Tried to force the authid to FOO$@REALM, but it fails just the same.
it's harder to automatically generate certificates for the clients, that's why I'm interested in getting this working :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/04/2010 10:18 AM, Timo Aaltonen wrote:
On Mon, 2 Aug 2010, Patrik Martinsson wrote:
ldap_tls_reqcert = demand ldap_tls_cacert = /etc/openldap/cacerts/CADOUBLE.cer ldap_tls_cacertdir = /etc/openldap/cacerts
I guess this doesn't work with GSSAPI SASL binding yet? Tried to force the authid to FOO$@REALM, but it fails just the same.
it's harder to automatically generate certificates for the clients, that's why I'm interested in getting this working :)
I'm not sure what you're asking for here.
I think what you're talking about is using: ldap_sasl_mech = gssapi ldap_krb5_keytab = /path/to/ldap.keytab
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org