Re: about userCertificate

[Dieter Kluenter <dieter@dkluenter.de>]

Hi,

"alexela_1999" <alexela_1999@sina.com> writes:

> anybody has used userCertificate for certificated authentication?! and
> please , tell me , how to use this attribute ???
> I built certificated authentication server, but server only recognize
> certificates signed by CA, that's to say, certificates are authenticated
> when connect using EXTERNAL, even if user dn does not exist in LDAP server.
> the userCertificate attribute seems to take no effect. anybody know how to
> built a userCertificate controled authentication?

Authentication is done by sasl. If the user certifcate is validated, the
user is authenticated and has the rights of an authenticated user,
that is not depending on a users entry.
If you want to grant access only by authenticated users which have an
entry, you should declare it in access controls.

Following is the output of an authenticated user with an entry.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
dieter@marin:~> ldapwhoami -Y EXTERNAL -ZZ
SASL/EXTERNAL authentication started
SASL username: CN=Dieter Kluenter,OU=partner,O=avci,C=de
SASL SSF: 0
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour