Jakub Hrozek wrote:
On Mon, Aug 13, 2012 at 09:36:44PM +0200, Michael Ströder wrote:
> HI!
>
> Is it possible to use SASL/EXTERNAL when connecting to a LDAP server with
> StartTLS or LDAPS using client certs?
>
> In a project they have certs in all systems anyway (because of using puppet)
> and I'd like to let the sssd instances on all the systems authenticate to the
> LDAP server to restrict visibility of LDAP entries by ACL. I'd like to avoid
> having to set/configure passwords for each system's sssd.
Not currently, there is a ticket that is tracking adding the support:
https://fedorahosted.org/sssd/ticket/561
Very sad that this does not make it into 1.9.0. Given the fact that the patch
should be really simple.
Ciao, Michael.