[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Force client to use TLS

To: openldap-software@OpenLDAP.org
Subject: Re: Force client to use TLS
From: Dmitriy Kirhlarov <dkirhlarov@oilspace.com>
Date: Thu, 29 Jun 2006 10:21:56 +0400
Content-disposition: inline
In-reply-to: <20060628220800.nbkvgnvpvipcs0w4@webmail2.iut-bm.univ-fcomte.fr>
References: <20060628220800.nbkvgnvpvipcs0w4@webmail2.iut-bm.univ-fcomte.fr>
User-agent: mutt-ng/devel-r581 (FreeBSD)

On Wed, Jun 28, 2006 at 10:08:00PM +0200, aubert@iut-bm.univ-fcomte.fr wrote:
> Hello.
> 
> I would like to know if it is possible with OpenLDAP to force user to use TLS ? I know 
> that I can create a certificate for each user and configure OpenLDAP to perform checks 
> on client certificates for an incoming TLS session. First, it obliges to generate a 
> certificate for each user, what I do not want to do. Second, it is only if a TLS 
> session is initiated. What happened if the client does not start a TLS session ?

You can use
security 128
string in slapd.conf for force client to use TLS

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com

References:
- Force client to use TLS
  - From: aubert@iut-bm.univ-fcomte.fr

Prev by Date: Re: Force client to use TLS
Next by Date: acl and regex
Index(es):
- Chronological
- Thread