Re: Different TLSVerifyClient possible?
Hi,
Martin Lesser <admin-openldap@better-com.de> writes:
> I start slapd on two addresses (localhost and external address).
>
> For security reasons slapd.conf contains
>
> TLSVerifyClient demand
>
> For the slapd running on 127.0.0.1 I want to reduce TLSVerifyClient to
> never so only the slapd serving the external address strictly depends on
> a valid client-cert. Otherwise I would have to generate a client-cert for each
> local service which uses ldap.
Set TLSVerifyClient allow in slapd.conf and TLS_REQCERT try in your
host's /etc/openldap/ldap.conf. Thus you only have to generate
client-certs for each host and not for each service.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
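
What the suggested `TLSVerifyClient allow` does with a client that presents no certificate or an invalid one, next to the other levels documented in slapd.conf(5). This is an added example, not part of the original message; the sample config, the function names and the last-directive-wins handling are assumptions of this sketch.

```python
# Added example, not from the thread. Outcomes follow slapd.conf(5);
# SAMPLE_SLAPD_CONF is constructed for illustration.
import re

# level -> (session proceeds with no client cert, session proceeds with a bad client cert)
OUTCOMES = {
    "never":  (True, True),    # slapd does not request a client certificate
    "allow":  (True, True),    # requested; a bad certificate is ignored
    "try":    (True, False),   # requested; a bad certificate ends the session
    "demand": (False, False),  # requested; missing or bad certificate ends the session
}
ALIASES = {"hard": "demand", "true": "demand"}  # equivalent keywords

SAMPLE_SLAPD_CONF = """\
# constructed sample
TLSCACertificateFile /etc/openldap/ca.pem
TLSVerifyClient allow
"""

def verify_client_level(conf_text):
    """Return the TLSVerifyClient level set in conf_text ('never' if unset).

    Simplifications (assumptions): the directive must start the line,
    continuation lines are not joined, and the last occurrence is used.
    """
    level = "never"
    for line in conf_text.splitlines():
        m = re.match(r"tlsverifyclient\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1).lower()
            level = ALIASES.get(value, value)
    if level not in OUTCOMES:
        raise ValueError(f"unknown TLSVerifyClient level: {level}")
    return level

def enforces_client_cert(conf_text):
    """True only when a missing AND a bad client certificate both end the session."""
    no_cert_ok, bad_cert_ok = OUTCOMES[verify_client_level(conf_text)]
    return not no_cert_ok and not bad_cert_ok

if __name__ == "__main__":
    level = verify_client_level(SAMPLE_SLAPD_CONF)
    print(level, "enforces client certs:", enforces_client_cert(SAMPLE_SLAPD_CONF))
```

With `allow`, a valid client certificate is still available to slapd for identity mapping, but the TLS layer itself rejects nothing on any listener.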