On Thu, Feb 27, 2025 at 04:18:45PM -0000, Fred N wrote: > thanks for this information. i didn't get the right information for > method=128 > > I use a proxy to redirect the client's request to the backend. The > client uses a simple bind, and I want the proxy to intercept that > request and perform a SASL EXTERNAL connection using its own > certificate. The proxy should ignore the client's bind. I am unable to > properly configure the proxy for that.
Hi Fred, it might be that what you want is to select a different "mode=" for idassert-bind? Possibly "mode=self"? To do this properly and maintain the integrity of your DIT probably involves proxy authorization, which is something you'll want to read up on a bit more and test that you've not opened things up too much by accident. Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
