Re: Using tls_cert/key without rootbinddn

If I've understood correctly:

Note that sending a client-cert with TLS does *not perform* an LDAP Bind.

Q1. Do we know what purpose it serves, then (sending a client-cert when we need account/password)?
Password in clear text only, if I've understood correctly :-(

< and pointing me in the direction of SASL/EXTERNAL.

I also misunderstood ! Can you please elaborate on the use of SASL/EXTERNAL ? For example, what options
did you use in /etc/ldap.conf ?

Thanks for your time.