[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL rule match if client certificate was used?

To: Michael Ströder <michael@stroeder.com>
Subject: Re: ACL rule match if client certificate was used?
From: Patrick Hemmer <openldap@stormcloud9.net>
Date: Tue, 05 Jun 2012 16:48:40 -0400
Cc: openldap-technical@openldap.org
In-reply-to: <4FCE652C.7050800@stroeder.com>
References: <4FCE4522.4050102@stormcloud9.net> <4FCE652C.7050800@stroeder.com>
User-agent:
Z-usanet-msgid: XID562qFeuWQ0608X22

Sent: Tue Jun 05 2012 15:59:40 GMT-0400 (EDT)
From: Michael Ströder <michael@stroeder.com>
To: Patrick Hemmer <openldap@stormcloud9.net> openldap-technical@openldap.org
Subject: Re: ACL rule match if client certificate was used?

Patrick Hemmer wrote:

Is there any way to create an ACL rule which will match if a client
certificate was used on the connection or not?


This is usually not done via ACLs.

Basically you define an appropriate authz-regexp to map the subject DN of the
cert (part of authc-DN) to an LDAP entry DN (authz-DN).
Then your client has to send a SASL bind request with mechanism EXTERNAL.

Ciao, Michael.

Unfortunately I'm not using SASL, I'm doing simple binds.

-Patrick

References:
- ACL rule match if client certificate was used?
  - From: Patrick Hemmer <openldap@stormcloud9.net>
- Re: ACL rule match if client certificate was used?
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: ACL rule match if client certificate was used?
Next by Date: Re: ACL rule match if client certificate was used?
Index(es):
- Chronological
- Thread