On 09/13/2012 05:05 PM, Michael Ströder wrote:
> Jakub Hrozek wrote:
>> On Mon, Aug 13, 2012 at 09:36:44PM +0200, Michael Ströder wrote:
>>>
>>> Is it possible to use SASL/EXTERNAL when connecting to an LDAP server with
>>> StartTLS or LDAPS using client certs?
>>>
>>> In a project they have certs in all systems anyway (because of using puppet)
>>> and I'd like to let the sssd instances on all the systems authenticate to the
>>> LDAP server to restrict visibility of LDAP entries by ACL. I'd like to avoid
>>> having to set/configure passwords for each system's sssd.
>>
>> Not currently, there is a ticket that is tracking adding the support:
>
> Very sad that this does not make it into 1.9.0. Given the fact that the patch
> should be really simple.

If you are willing to contribute a patch and we see that it is not drastic we might consider including it in 1.9.x but it all depends on how fast you can do it. We can at least treat it as a tech preview in RHEL.

> Ciao, Michael.

Thank you,
Dmitri Pal

