
Re: OpenLDAP, SSL and client authentication



Hello!


"Kurt D. Zeilenga" wrote:

> At 11:18 AM 5/21/2004, Antonio Ruiz Martínez wrote:
> >Hello!
> >
> >    I'm a new user of OpenLDAP and I'm trying to configure OpenLDAP
> >with client's authentication.
> >I think I have done the correct steps in order to configure OpenLDAP
> >with SSL and only using the server authentication. I have read that the
> >change in order to support client's authentication is to change the
> >value of TLSVerifyClient. But my problem is the following:
> >I would like to configure my directory with some public attributes and
> >some private attributes for each user. And I would like everybody to be
> >able to read the public attributes and I would like the private attributes
> >to be readable only by the owner user. I would like to allow the user to read
> >the private attributes when he is authenticated with the client's
> >authentication over SSL. The problem is that besides the client's
> >authentication it asks me for the password and I wouldn't like to
> >introduce a password because with the client's authentication I can be
> >sure the client is the correct user in order to access the private data.
> >How can I solve my problem? Can you guide me, please?
>
> Use SASL/EXTERNAL (as discussed in http://www.openldap.org/doc/admin22/tls.html).
>
>
Thanks for your answer, but I've configured the SSL client's authentication, but it
requests my password. Could you give me a reference on how to configure
SASL/EXTERNAL with SSL?

Thanks in advance,
Regards,
Antonio
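
An added example, not part of the original thread and not the project's own configuration, of the SASL/EXTERNAL setup suggested in the quoted reply, combined with per-owner access control. The host name, file paths, DNs and the private attribute names are assumptions chosen for illustration.

```conf
# ---- slapd.conf (server) ----
# Certificate paths are placeholders.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/server.pem
TLSCertificateKeyFile  /etc/openldap/certs/server.key
# Require a client certificate that chains to the CA above.
TLSVerifyClient        demand

# With SASL/EXTERNAL the authentication identity is the subject DN of the
# client certificate. Map it to the user's directory entry (both DNs are
# assumed). OpenLDAP 2.2 names this directive sasl-regexp; 2.3 and later
# call it authz-regexp and keep the old name as an alias.
sasl-regexp
    "^cn=([^,]+),ou=users,o=example,c=es$"
    "uid=$1,ou=people,dc=example,dc=com"

# Private attributes (example names): only the entry's owner may read them.
access to attrs=homePhone,homePostalAddress
    by self read
    by * none
# Everything else is public.
access to *
    by * read

# ---- ~/.ldaprc (client; TLS_CERT and TLS_KEY are user-only options) ----
TLS_CACERT  /home/antonio/certs/ca.pem
TLS_CERT    /home/antonio/certs/antonio.pem
TLS_KEY     /home/antonio/certs/antonio.key

# ---- client commands ----
# -Y EXTERNAL selects the SASL mechanism, so the certificate is the only
# credential. Without it the tools negotiate a password-based SASL
# mechanism or, with -x -W, do a simple bind, and prompt for a password.
#   ldapwhoami -H ldaps://ldap.example.com -Y EXTERNAL
#   ldapsearch -H ldaps://ldap.example.com -Y EXTERNAL \
#       -b "uid=antonio,ou=people,dc=example,dc=com" -s base homePhone
```

Running ldapwhoami first confirms that the certificate subject was mapped to the intended entry before the ACLs are tested.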