[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication

To: Stefan.Scheidewig@t-systems.com
Subject: Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication
From: Dan White <dwhite@olp.net>
Date: Mon, 17 Jun 2013 08:48:13 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <51BEC830.4080104@mms-dresden.de>
References: <51BEC830.4080104@mms-dresden.de>
User-agent: Mutt/1.5.21 (2010-09-15)

On 06/17/13 10:26 +0200, Stefan Scheidewig wrote:

Hello,
we have two LDAP instances. LDAP A acts as proxy for LDAP B using theldap-backend. Now we configured LDAP B to use client authentication.We successfully established a connection to LDAP B using OpenSSLs_client and the PKCS#11 engine (OpenSSL engine library). Now we wantthe LDAP proxy to establish the connection using this pkcs11 engine(we compiled the ldap proxy to use OpenSSL as TLS implementation). Isthere a posibility to tell the LDAP proxy to use the certificate andkey from the smartcard (e.g. something like pkcs11:slot_1-id_42) ?


I don't know. However, you could try to set tls_key=slot_1-id_42, but since
OpenLDAP does not provide a configurable engine selection (to my
knowledge), you'd need to find some way to set the engine to pkcs11,
perhaps with an environment variable or via a default config option in
/etc/openssl/, or via some openssl compile option.

--
Dan White

Follow-Ups:
- Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication
  - From: Stefan Scheidewig <sese@mms-dresden.de>

References:
- OpenLDAP Proxy using PKCS#11/SmartCard client authentication
  - From: Stefan Scheidewig <sese@mms-dresden.de>

Prev by Date: OpenLDAP Proxy using PKCS#11/SmartCard client authentication
Next by Date: Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication
Index(es):
- Chronological
- Thread