From ddf4de6593756993f859c020bc6db046ca869846 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 7 Jul 2014 16:37:20 +0200 Subject: Add note how to test SASL EXTERNAL authentication via TLS. --- roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index cba0eb0..308bece 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -132,6 +132,9 @@ olcLimits: dn.exact="cn=lists,ou=replicates,o=mailHosting,dc=fripost,dc=org" {% endif %} {% endif %} {% if 'MX' in group_names and 'LDAP-provider' not in group_names %} +# Test it: +# LDAPSASL_MECH=external LDAPTLS_CACERT=/etc/ldap/ssl/ldap.fripost.org.pem LDAPTLS_CERT=/etc/ldap/ssl/mx.pem LDAPTLS_KEY=/etc/ldap/ssl/mx.key sudo -u openldap ldapwhoami -H ldaps://ldap.fripost.org/ +# LDAPSASL_MECH=external LDAPTLS_CACERT=/etc/ldap/ssl/ldap.fripost.org.pem LDAPTLS_CERT=/etc/ldap/ssl/mx.pem LDAPTLS_KEY=/etc/ldap/ssl/mx.key sudo -u openldap ldapsearch -H ldaps://ldap.fripost.org/ -b ou=virtual,o=mailHosting,dc=fripost,dc=org olcSyncrepl: rid=000 provider=ldaps://ldap.fripost.org type=refreshAndPersist -- cgit v1.2.3