On 7 August 2017 at 11:37, Quanah Gibson-Mount <[email protected]> wrote: > --On Saturday, August 05, 2017 3:05 PM -0400 David Hawes <[email protected]> > wrote: > >> With ITS #8568 [1], I notice that the first SASL EXTERNAL (using TLS >> client auth) bind on a connection succeeds, but subsequent SASL >> EXTERNAL binds on the same connection fail with: >> >> slapd[31088]: conn=1009 op=3 RESULT tag=97 err=48 text=SASL(-15): >> mechanism too weak for this user: mech EXTERNAL is too weak > > > Please file an ITS for this, thanks. I would think the expected behavior > for SASL/EXTERNAL is the SASL SSF matches the TLS SSF, given it's a TLS > encrypted connection. >
ITS filed: http://www.openldap.org/its/index.cgi/Incoming?id=8708;selectid=8708
