On Wed, Feb 11, 2015 at 06:15:47PM +0100, Jakub Hrozek wrote:
> On Wed, Feb 11, 2015 at 06:05:49PM +0100, Michael Ströder wrote:
>> Jakub Hrozek wrote:
>>> On Mon, Aug 13, 2012 at 09:36:44PM +0200, Michael Ströder wrote:
>>>> Is it possible to use SASL/EXTERNAL when connecting to a LDAP server
with
>>>> StartTLS or LDAPS using client certs?
>>>>
>>>> In a project they have certs in all systems anyway (because of using
puppet)
>>>> and I'd like to let the sssd instances on all the systems
authenticate to the
>>>> LDAP server to restrict visibility of LDAP entries by ACL. I'd like
to avoid
>>>> having to set/configure passwords for each system's sssd.
>>>>
>>> Not currently, there is a ticket that is tracking adding the support:
>>>
https://fedorahosted.org/sssd/ticket/561
>>
>> Well, the years pass by...
>>
>> Any chance that this is ever implemented?
>>
>> Ciao, Michael.
>
> Patches are very much welcome. This might be a good starting point:
>
https://fedorahosted.org/sssd/wiki/DevelTutorials
Sorry, this didn't sound as I intended.
We would very much like to fix all the bugs and RFEs, but we simply only
have limited capacity, sorry...the most straightforward way to fix tickets
forward is to provide a patch or work with us on the patch..
Strange enough it seems to work in 1.11+. :-)
I did not test it before sending my last message. I had just looked at the
ticket status.
Now the question is whether it is an officially supported feature or whether
it might disappear later.
Ciao, Michael.