Re: OpenLDAP with ssl client certs
Brent Bice wrote:
> I was recently asked if we could use ssl client certs as a 2nd form
> of authentication with OpenLDAP and didn't know for sure. Is it
> possible to have OpenLDAP require both a DN/password pair *and* a client
> ssl cert?

You can make the server require a client cert, but it won't use the
certificate identity for anything unless you Bind with SASL/EXTERNAL.
http://www.openldap.org/doc/admin24/sasl.html#EXTERNAL
And naturally, if you're using SASL, then the DN/password pair is ignored.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
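
The server-side settings behind the reply above, as an added slapd.conf sketch that is not part of the original thread or the OpenLDAP project's own configuration. All file paths, host names, DNs and the mapping pattern are constructed placeholders.

```conf
# slapd.conf fragment (added example; paths and DNs are placeholders)

# Server certificate, key, and the CA used to validate client certificates.
TLSCACertificateFile   /etc/openldap/certs/ca.pem
TLSCertificateFile     /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile  /etc/openldap/certs/slapd.key

# Refuse any TLS session that does not present a valid client certificate.
# This only gates the connection; it does not set the LDAP identity.
TLSVerifyClient demand

# Used only for SASL/EXTERNAL binds: map the certificate subject DN
# to a directory entry. The pattern below assumes client certificates
# issued with subjects of the form cn=<name>,ou=people,o=example.
authz-regexp
    "^cn=([^,]+),ou=people,o=example$"
    "uid=$1,ou=people,dc=example,dc=com"

# Checking which identity the server actually applies, from a client with
# LDAPTLS_CACERT, LDAPTLS_CERT and LDAPTLS_KEY set in its environment:
#
#   Simple bind: the certificate is verified by TLS, but the session
#   identity is the Bind DN authenticated by its password.
#     ldapwhoami -H ldap://ldap.example.com -ZZ -x \
#         -D "uid=brent,ou=people,dc=example,dc=com" -W
#
#   SASL/EXTERNAL: the session identity comes from the certificate
#   subject (after authz-regexp); no DN/password pair is used.
#     ldapwhoami -H ldap://ldap.example.com -ZZ -Y EXTERNAL
```

Comparing the two `ldapwhoami` results on a test server shows the point of the reply: the certificate gates the connection in both cases, but it becomes the identity only under SASL/EXTERNAL.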