Re: SSL client certificate mapping?
At 07:16 AM 2001-12-11, Kartik Subbarao wrote:
>I hadn't gotten any conclusive answers to some questions I asked last week, so I thought I'd ask them again:
OpenLDAP supports client assertion of certificates when using
TLS (StartTLS) or SSL (ldaps://). As detailed in RFC 2830,
OpenLDAP supports use of SASL/EXTERNAL to use the authentication
identity provided by the lower level (TLS/SSL) in establishment
of the LDAP authentication and authorization associations.
This includes support for identity mapping and proxy authorization
policy.
In the absence of a successfully completed SASL/EXTERNAL operation
or other bind operation, the LDAP association is anonymous per
RFC 2829.
Kurt
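
The identity mapping described in the reply above, sketched as a slapd.conf fragment. This is an added example, not part of the original message and not the project's own configuration; it uses the TLS and authz-regexp directives documented in slapd.conf(5) for current releases, and every path, hostname and DN in it is a placeholder.

```conf
# slapd.conf fragment (added example; paths, hostnames and DNs are placeholders)

# Server certificate and the CA(s) trusted to issue client certificates.
TLSCACertificateFile   /etc/openldap/tls/ca.pem
TLSCertificateFile     /etc/openldap/tls/slapd.pem
TLSCertificateKeyFile  /etc/openldap/tls/slapd.key

# Ask for a client certificate during the handshake. "demand" refuses the
# session without a valid one; "try" lets certificate-less clients through,
# and they remain anonymous unless they bind some other way.
TLSVerifyClient        demand

# Identity mapping: after a SASL/EXTERNAL bind the authentication identity is
# the certificate's subject DN. Rewrite it to the matching directory entry.
# Anchor the pattern at both ends so only subjects under the expected
# CA-controlled suffix can map to an account.
authz-regexp
    "^cn=([^,]+),ou=people,o=example,c=us$"
    "uid=$1,ou=people,dc=example,dc=com"

# Check from a client (not part of slapd.conf):
#   LDAPTLS_CACERT=ca.pem LDAPTLS_CERT=client.pem LDAPTLS_KEY=client.key \
#     ldapwhoami -H ldap://ldap.example.com -ZZ -Y EXTERNAL
```

When the mapping matches, ldapwhoami reports the rewritten directory DN. A client that presents a certificate but never issues the SASL/EXTERNAL bind stays anonymous, as the reply says.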