Re: TLS authentication for slurpd
Adam Brandizzi <brandizzi2@gmail.com> wrote:
> Is it possible to configure slurpd for authenticating on its slave
> slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to
> use a specific X.509 certificate?
I use it roughly that way:
TLSCertificateFile /etc/openssl/certs/cert.crt
TLSCertificateKeyFile /etc/openssl/private/cert.key
TLSCACertificateFile /etc/openssl/certs/cacert.crt
TLSVerifyClient allow
sasl-secprops none
authz-regexp "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
        "cn=slurpd,dc=example,dc=net"

database bdb
suffix "dc=example,dc=net"
directory /var/openldap/openldap-data
index objectClass pres,eq
updatedn "cn=slurpd,dc=example,dc=net"
updateref ldaps://ldapmaster.example.net

access to attrs=userPassword
        by anonymous auth
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * none
access to *
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * read
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
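
The configuration above only works if the certificate subject, the authz-regexp replacement, updatedn and the write ACLs all name the same DN. The following consistency check is an added example, not part of the original message or of OpenLDAP; the function names are hypothetical, the sample is a constructed excerpt of the posted settings, and DNs are compared as lowercased strings, which is a simplification of slapd's DN normalization.

```python
import shlex

# Constructed sample: an excerpt of the slave settings from the message above.
# A line that starts with whitespace continues the previous directive.
SAMPLE = '''\
TLSVerifyClient allow
authz-regexp "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
    "cn=slurpd,dc=example,dc=net"
updatedn "cn=slurpd,dc=example,dc=net"
access to *
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * read
'''

def directives(text):
    """Join continuation lines, then split each directive into arguments."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [shlex.split(line) for line in logical]

def check_replica_identity(text):
    """List breaks in the chain: client cert -> authz-regexp -> updatedn -> ACL."""
    d = [(a[0].lower(), a[1:]) for a in directives(text)]
    problems = []
    verify = [args[0].lower() for name, args in d if name == "tlsverifyclient"]
    if not verify or verify[-1] == "never":  # "never" is also slapd's default
        problems.append("TLSVerifyClient never: no client certificate is requested")
    mapped = {args[1].lower() for name, args in d
              if name == "authz-regexp" and len(args) == 2}
    writers = {tok.split("=", 1)[1].lower() for name, args in d if name == "access"
               for tok, level in zip(args, args[1:])
               if tok.startswith("dn.exact=") and level == "write"}
    for name, args in d:
        if name == "updatedn":
            dn = args[0].lower()
            if dn not in mapped:
                problems.append(f"no authz-regexp maps a certificate to {dn}")
            if dn not in writers:
                problems.append(f"{dn} has no write ACL")
    if not any(name == "updatedn" for name, _ in d):
        problems.append("no updatedn directive")
    return problems
```

Calling `check_replica_identity()` on the text of a slave's slapd.conf returns an empty list when the chain is consistent, and one message per break otherwise.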