The LDAP_SASL_MECH statement specifies the authentication mechanism that the Simple Authentication and Security Layer (SASL) uses. You can define this statement if you define the LDAP_TLS statement or the LDAP_OPENSSL statement to require client certification.
Operating Systems: Linux, UNIX, and Windows
Related Statements: LDAP_BIND_DN, LDAP_TLS, LDAP_OPENSSL
Required: No
Syntax:
LDAP_SASL_MECH=SASL_mechanism
For the SASL_mechanism variable, specify EXTERNAL. PowerExchange uses the SASL EXTERNAL authentication mechanism with LDAP. With this option, you do not need to specify the identity of the LDAP search user by including the LDAP_BIND_DN statement. Instead, the LDAP search user identity is determined from a TLS client certificate, together with the certificate mapping configuration of the LDAP server.
If you do not define the LDAP_BIND_DN statement or the LDAP_SASL_MECH statement, the LDAP client does not attempt to perform a bind and instead performs unauthenticated operations.
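The following configuration check is an added example, not PowerExchange code or part of the original documentation. It flags the unauthenticated-bind case and a SASL mechanism defined without LDAP_TLS or LDAP_OPENSSL. It assumes one NAME=value statement per line, "/*" comment lines, and that the presence of any LDAP_ statement means LDAP is in use; the function names and sample inputs are constructed for illustration.

```python
import re

# Assumption: one statement per line in NAME=value form; lines that start
# with "/*" are comments. Multi-line statement values are not parsed.
STATEMENT = re.compile(r"^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$", re.IGNORECASE)

def parse_statements(text):
    """Return {STATEMENT_NAME: value} for each statement found in text."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith("/*"):
            continue
        m = STATEMENT.match(line)
        if m:
            found[m.group(1).upper()] = m.group(2)
    return found

def audit_ldap_bind(text):
    """Return findings about how the LDAP client will bind."""
    s = parse_statements(text)
    findings = []
    # Assumption: no LDAP_ statements at all means LDAP is not configured.
    if not any(name.startswith("LDAP_") for name in s):
        return findings
    mech = s.get("LDAP_SASL_MECH")
    if mech is None and "LDAP_BIND_DN" not in s:
        findings.append("UNAUTHENTICATED: neither LDAP_BIND_DN nor "
                        "LDAP_SASL_MECH is defined, so no bind is attempted")
    if mech is not None:
        if mech.upper() != "EXTERNAL":
            findings.append("LDAP_SASL_MECH=%r: the documented value is EXTERNAL" % mech)
        # Presence only: whether the statement actually requires client
        # certification depends on its parameters, which are not checked here.
        if "LDAP_TLS" not in s and "LDAP_OPENSSL" not in s:
            findings.append("LDAP_SASL_MECH is set without LDAP_TLS or "
                            "LDAP_OPENSSL, so no client certificate is available")
    return findings

# Constructed sample inputs; "(...)" stands for parameters elided on purpose.
SAMPLE_UNAUTH = "/* constructed sample */\nLDAP_TLS=(...)\n"
SAMPLE_EXTERNAL = "LDAP_TLS=(...)\nLDAP_SASL_MECH=EXTERNAL\n"
SAMPLE_NO_TLS = "LDAP_SASL_MECH=EXTERNAL\n"

if __name__ == "__main__":
    for name in ("SAMPLE_UNAUTH", "SAMPLE_EXTERNAL", "SAMPLE_NO_TLS"):
        print(name, audit_ldap_bind(globals()[name]) or "ok")
```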