Both openldap libraries and server can support the cldap://. Per the ldap_open(3) and lber-sockbuf(3) man page needs to build with the LDAP_CONNECTIONLESS macro in order to get cldap:// support. Looks like now none of the available use flag turns it on. Without this macro with the below configuration the slapd failed to start. /etc/conf.d/slapd: OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// cldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" With this macro it is working. Another minor issue, usually the slapd not running as root and the /etc/krb5.keytab file recommended to be readable only for root user. We need to use different krb5 keytab file with openldap.
Created attachment 251785 [details] openldap-2.4.23.ebuild Introduce cldap use flag
Created attachment 251787 [details] slapd-initd2 init script with KRB5_KTNAME export option
Created attachment 251789 [details] slapd-confd slapd-confs with KRB5_KTNAME comment
Both cldap and kerberoes fixes in 2.4.28-r1.
