Re: access to certificate-based authentication database

[Dieter Kluenter <dieter@dkluenter.de>]

"Alexandre Tsu" <alexela_1999@sina.com> writes:

> hi,everybody
>
> who can tell me how to access a certificate-based LDAP authentication
> database? I built with TLS and run as ldaps:// protocol, but now problems
> appear---- I don't know how to access it . I set "TLSVerifyClient" to
> "demand", and I have both server certificate and client certificate
> well-maked. how can i send client certificate to server to authenticate my
> client? I will appreciate it if anybody could give me a solution about
> whatever using a C/C++ interface or Java interface or other interfaces ,
> event some informations.:-)
[...]

Create certificates for your users, sign these certificates with your
CA, make use auf sasl mechanism external, create a ~/.ldaprc for each
user including path to certificate and key. Start slapd on port 389,
that is without ldaps. Test your settings with ldapwhoami

dieter@marin:/usr/local/bin> ./ldapwhoami -Y EXTERNAL -ZZ
SASL/EXTERNAL authentication started
SASL username: CN=Dieter Kluenter,OU=partner,O=avci,C=de
SASL SSF: 0
dn:cn=dieter kluenter,ou=partner,o=avci,c=de


-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour