0

Is it possible to do LDAPS authentication using client certificates? If so, how?

I found the below but it still uses a bind method using user and password.

Python+LDAP+SSL

I don't want to use user and password. Currently using LDAPS from Python to AD DC via port 3269.

It seems python-ldap always requires user and password? Are there alternative libraries/languages/toolsets/APIs that do support client certificates?

Koenig Lear

1 Answer

1

The LDAP standards define a specific operation to authenticate a user based on the underlying transport security layer (TLS): the LDAP SASL EXTERNAL BIND.

When the connection is secured by TLS and the server was configured to require client authentication, then when the client sends a BIND SASL EXTERNAL request, the server retrieves the client identity and tries to map it to an internal user for authorization.

Ludovic Poitou
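The SASL EXTERNAL bind described in the answer above, shown at the wire level in standard-library Python (an added example, not code from the question or the answer). The function names are the example's own, and the host, port and certificate paths are caller-supplied assumptions; the RFC 4511 BindRequest it sends carries only the mechanism name, so the server has to take the identity from the client certificate presented in the TLS handshake.

```python
# Added example (stdlib only); every function name here is the example's own.
import socket
import ssl

def tlv(tag, body):  # encode one BER element, definite length (short or long form)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise IndexError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def sasl_external_bind_request(msg_id=1):
    """BindRequest: version 3, empty DN, sasl mechanism EXTERNAL, no credentials."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"EXTERNAL"))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))  # msg_id 1..127

def bind_result_code(response):
    """Return resultCode of a BindResponse (0 success, 49 invalidCredentials)."""
    _, message, _ = read_tlv(response)
    _, _, pos = read_tlv(message)  # skip messageID
    tag, op, _ = read_tlv(message, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(op)[1], "big")

def bind_with_client_cert(host, port, certfile, keyfile, cafile):
    """The TLS handshake presents the certificate; the bind only refers to it."""
    ctx = ssl.create_default_context(cafile=cafile)  # server cert is verified
    ctx.load_cert_chain(certfile, keyfile)  # client identity for mutual TLS
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(sasl_external_bind_request())
        data = b""
        while chunk := tls.recv(4096):
            data += chunk
            try:
                return bind_result_code(data)
            except IndexError:
                continue  # partial message, keep reading
    raise ConnectionError("connection closed before a BindResponse arrived")
```

A result code of 0 from `bind_with_client_cert` means the bind succeeded. python-ldap exposes the same operation as `sasl_external_bind_s()` once `OPT_X_TLS_CERTFILE` and `OPT_X_TLS_KEYFILE` are set.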