Attempting to configure Certificate based authentication with SASL External such that if TLS successfully completed the user is authenticated by certificate DN as an authenticated user without the requirement for the corresponding DN to be present in the Directory Server. nsslapd-sasl-force-external: on is part of the puzzle what other SASL mapping configurations are required to allow successful completion of authenticated access. We can complete OU, O, C RDN values can be mapped and certificate trust for clients properly configured, but cannot necessarily make any mappings on certificate CN RDN values. Example cert DN value: cn=[Lastname.Firstname.MI], OU=[Affiliation], O=[Company Name], C=[ISO 3166 Country Code] were OU could be multivalued in cert RDN. David M. Partridge dpartridge@xxxxxxxxxxxx -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
