[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
OpenLDAP and TLS
I am a bit confused about how the whole setup works, perphaps someone can point me to how I can accomplish this task.
Basically, I want my ldap server to only accept queries using TLS, and only when the clients certificate is known.
I would have imagined that setting TLSVerifyClient to "demand" would have set this - but it still allows connections that don't use TLS (but, does reject requests from clients requiring TLS when (that clients) cert is not known.
ldapsearch -x -h ldap.host -b 'dc=base,dc=level' '(cn=something)'
gets results
ldapsearch -ZZ -x -h ldap.host -b 'dc=base,dc=level' '(cn=something)'
does not
Now, the behaviour that I want is neither of these to work as this client does not have a configured cert.
To re-iterate; the _only_ requests I want my LDAP server to answer is those coming from clients using TLS that have the certs known on the server. How can this be done?
--
alan evetts