Re: Different TLSVerifyClient possible?
Martin Lesser <admin-openldap@better-com.de> writes:
> For the slapd running on 127.0.0.1 I want to reduce TLSVerifyClient to
> never so only the slapd serving the external address strictly depends on
> a valid client-cert. Otherwise I would have to generate a client-cert for each
> local service which uses ldap.
... without pam_ldap
One solution which works is to add TLS_KEY and TLS_CERT to
/etc/ldap.conf so local services querying the slapd can use the certs
defined in ldap.conf if they also use pam_ldap.
But that's IMO suboptimal.
Martin