
OpenLDAP and TLS



I am a bit confused about how the whole setup works; perhaps someone can point me to how I can accomplish this task.

Basically, I want my LDAP server to only accept queries using TLS, and only when the client's certificate is known.

I would have imagined that setting TLSVerifyClient to "demand" would have done this, but it still allows connections that don't use TLS (although it does reject requests from clients requiring TLS when that client's cert is not known).

 ldapsearch -x -h ldap.host -b 'dc=base,dc=level' '(cn=something)'

 gets results

 ldapsearch -ZZ -x -h ldap.host -b 'dc=base,dc=level' '(cn=something)'

 does not

Now, the behaviour that I want is for neither of these to work, as this client does not have a configured cert.

To reiterate: the _only_ requests I want my LDAP server to answer are those coming from clients using TLS that have certs known on the server.  How can this be done?




-- 
alan evetts
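An added example, not part of the original post or of any reply on the list: a slapd.conf fragment that puts the setting described above (TLSVerifyClient demand) next to the directive that actually refuses cleartext operations. The certificate paths and the host name are assumptions; the directives themselves are the ones documented in slapd.conf(5).

```conf
# slapd.conf global section (added example; certificate paths are assumptions)

# Server certificate and key, plus the CA that issued the *client* certs.
# Only client certificates chaining to a CA in TLSCACertificateFile are
# "known" to the server.
TLSCACertificateFile  /etc/openldap/certs/ca.pem
TLSCertificateFile    /etc/openldap/certs/ldap.host.pem
TLSCertificateKeyFile /etc/openldap/certs/ldap.host.key

# What the post already has. "demand" makes the TLS handshake fail when
# the client presents no certificate, or one the CA above did not sign.
# It says nothing about sessions that never start TLS, which is why the
# plain "ldapsearch -x" in the post still gets results.
TLSVerifyClient demand

# The missing piece. Every operation must run over a TLS session with a
# security strength factor of at least 128; anything sent on a cleartext
# session is answered with "Confidentiality required (13)". The StartTLS
# extended operation itself is exempt, so clients can still upgrade a
# port-389 connection, but they cannot bind or search before doing so.
security tls=128
```

With both directives in place, the first ldapsearch from the post fails with "Confidentiality required" and the second fails during the StartTLS handshake because the client has no certificate; a client that does have one needs TLS_CERT and TLS_KEY set in its ldaprc or ~/.ldaprc (or LDAPTLS_CERT and LDAPTLS_KEY in the environment). Under cn=config the equivalent attributes are olcTLSVerifyClient: demand and olcSecurity: tls=128. Using ssf=128 instead of tls=128 would also accept a SASL confidentiality layer as sufficient, so tls= is the factor to use when the requirement is specifically TLS.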