
Re: openldap client cert validation



> On Aug 06, 2016, at 12.14, Matwey V. Kornilov <matwey.kornilov@gmail.com> wrote:
> 
> After inspecting source code I've just found that TLS_KEY and TLS_CERT
> are ignored if located in /etc/openldap/ldap.conf.
> Why is it not written in man ldap.conf(5) explicitly?

from ldap.conf(5):

TLS_CERT <filename>
	Specifies the file that contains the client  certificate.
	This is a user-only option.

TLS_KEY <filename>
	Specifies the file that contains  the  private  key  that
	matches  the  certificate  stored  in  the  TLS_CERT file.
	Currently, the private key must not be protected  with  a
	password,  so  it  is of critical importance that the key
	file is protected carefully.  
	This is a user-only option.

Both settings clearly state "This is a user-only option".

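An added example, not part of the original thread: a small shell check for the situation discussed above, where TLS_CERT and TLS_KEY placed in a system-wide ldap.conf are ignored, plus a permission check for the unencrypted key file. The function names and sample paths are hypothetical; ~/.ldaprc and the LDAP-prefixed environment variables (LDAPTLS_CERT, LDAPTLS_KEY) are the user-level locations described in ldap.conf(5).

```shell
#!/bin/sh
# Added example. Flags user-only TLS options in a system-wide ldap.conf
# (for instance /etc/openldap/ldap.conf) and checks key file permissions.

# Print "<lineno>:<OPTION>" for each TLS_CERT / TLS_KEY line in file $1.
# Option names are case-insensitive; comment lines are skipped.
find_user_only_tls() {
    awk '
        /^[ \t]*#/ { next }
        {
            opt = toupper($1)
            if (opt == "TLS_CERT" || opt == "TLS_KEY") print NR ":" opt
        }
    ' "$1"
}

# Return 0 only if $1 is a regular file with no group/other permission bits.
# The key cannot be password protected, so file mode is its only protection.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -lLd -- "$1" | cut -c5-10)   # group+other part of "-rw-------"
    [ "$mode" = "------" ]
}

# Constructed sample input: a system-wide file that sets both options.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'URI ldaps://ldap.example.com' '# TLS_KEY /old/path' \
        'tls_cert /etc/ssl/client.crt' 'TLS_KEY /etc/ssl/client.key' \
        > "$tmp/ldap.conf"
    find_user_only_tls "$tmp/ldap.conf" | while IFS=: read -r n opt; do
        echo "line $n: $opt is user-only here; use ~/.ldaprc or LDAP$opt"
    done
    : > "$tmp/client.key"
    chmod 640 "$tmp/client.key"
    key_is_private "$tmp/client.key" || echo "client.key: readable beyond owner"
    rm -rf "$tmp"
}
demo
```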