[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication
On 06/17/13 10:26 +0200, Stefan Scheidewig wrote:
Hello,
we have two LDAP instances. LDAP A acts as proxy for LDAP B using the
ldap-backend. Now we configured LDAP B to use client authentication.
We successfully established a connection to LDAP B using OpenSSL
s_client and the PKCS#11 engine (OpenSSL engine library). Now we want
the LDAP proxy to establish the connection using this pkcs11 engine
(we compiled the ldap proxy to use OpenSSL as TLS implementation). Is
there a posibility to tell the LDAP proxy to use the certificate and
key from the smartcard (e.g. something like pkcs11:slot_1-id_42) ?
I don't know. However, you could try to set tls_key=slot_1-id_42, but since
OpenLDAP does not provide a configurable engine selection (to my
knowledge), you'd need to find some way to set the engine to pkcs11,
perhaps with an environment variable or via a default config option in
/etc/openssl/, or via some openssl compile option.
--
Dan White