On 7/28/2023 7:32 AM, Howard Chu wrote:
> Regardless. A session is either authenticated, meaning it has an
> identity associated to it, or it is anonymous, meaning it has no
> identity associated to it. You can't have both at once. If you want an
> identity to be associated to the session, you perform a Bind
> operation. End of story.

A TLS session that requires a client certificate is authenticated,
whether or not there's a bind operation. The question is whether the
ACL subsystem can make use of that existing authentication - whether
the TLS-level authenticated identity is automatically made available
at the LDAP layer.

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
