
Re: Question about LDAP and SSL.



On Wednesday, 7 July 2010 23:06:40 Bryan Boone wrote:
> Hi everyone.  I am kinda a noob to OpenLDAP and SSL for that matter.
> 
> I am writing a web page that resides on a special piece of proprietary
>  hardware (not a PC) that I need authentication for (running Linux with
>  Apache server).  I would like LDAP to be one of the authentication methods
>  (this hardware will be an LDAP client) when a customer logs into the web
>  page of my device.  Of course I need this to support LDAP with SSL.
> 
> I went to the openldap website and found the directions to create and
>  generated the SSL certs and installed them in openLDAP (3 total).  There
>  is the server cert and key, and then the client cert.
> 
> You know how when connecting to a https:// website IE, or firefox will
>  prompt you if you want to accept the SSL certificate (if the cert is not
>  signed by a CA)?  Does openldap provide a mechanism that will accomplish
>  the same thing (automatic client cert acceptance)?

No.

>  Or will I need to
>  provide a way on my hardware where the customer can manually upload his/her
>  client cert to the device?

If you want SSL cert validation, you must either ship with the CA certs you 
want, or provide a means to upload a CA cert.

Regards,
Buchan
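
Added example, not part of the original thread: a client-side ldap.conf fragment for the device showing the setting that mimics "always accept the cert" next to one that validates the server against a shipped or uploaded CA. It assumes the device's LDAP client uses the OpenLDAP client library; the file paths and hostname are placeholders.

```conf
# ldap.conf on the device (location varies by build; this path is an assumption)
# /etc/openldap/ldap.conf

# Weak: the server certificate is never checked. This is the LDAP
# equivalent of clicking "accept" on every browser warning: the
# session is encrypted, but any host can pose as the directory server.
#TLS_REQCERT never

# Corrected: trust only the CA certificate that was shipped with the
# device or uploaded by the customer, and refuse the connection if the
# server certificate does not chain to it.
# (hypothetical path where the upload handler stores the CA cert)
TLS_CACERT  /etc/openldap/certs/customer-ca.pem
TLS_REQCERT demand

# The hostname used here must match a name in the server certificate
# (placeholder hostname).
URI         ldaps://ldap.example.com
```

What gets uploaded is the CA certificate that signed the LDAP server's certificate, not the server's private key.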