[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP, SSL and client authentication

To: Antonio Ruiz Martínez <arm@dif.um.es>
Subject: Re: OpenLDAP, SSL and client authentication
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 21 May 2004 12:39:45 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <40AE47EF.B443F233@dif.um.es>
References: <40AE47EF.B443F233@dif.um.es>

At 11:18 AM 5/21/2004, Antonio Ruiz Martínez wrote:
>Hello!
>
>    I'm a new user of OpenLDAP and I'm trying to configuring OpenLDAP
>with client's authentication.
>I think I have done the correct steps in order to configure OpenLDAP
>with SSL and only using the server authentication. I have read that the
>change in order to support client's authentication is to change the
>value of TLSVerifyClient. But my problem is the following:
>I would like to configure my directory with some public attributes and
>some private attributes for each user. And I would like everybody can
>read the public attributes and I would like that the private attributes
>can only read by the owner user. I would like to allow the user to read
>the private attributes when he is authenticated with the client's
>authentication over ssl. The problem is that besides the client's
>authetication he requests me the password and I wouldn't like to
>introduce a password because with the client's autenthication I can be
>sure the client is the correct user in order to access the private data.
>How can I solve my problem? Can you guide me, please?

Use SASL/EXTERNAL (as discussed in http://www.openldap.org/doc/admin22/tls.html).

Kurt

Follow-Ups:
- Re: OpenLDAP, SSL and client authentication
  - From: Antonio Ruiz Martínez <arm@dif.um.es>

References:
- OpenLDAP, SSL and client authentication
  - From: Antonio Ruiz Martínez <arm@dif.um.es>

Prev by Date: Re: TLS still can't accept....ssl handshake problem
Next by Date: Re: TLS still can't accept....ssl handshake problem
Index(es):
- Chronological
- Thread