[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL client certificate mapping?

At 07:16 AM 2001-12-11, Kartik Subbarao wrote:
>I hadn't gotten any conclusive answers to some questions I asked last week, so I thought I'd ask them again:

OpenLDAP supports client assertion of certificates when using
TLS (StartTLS) or SSL (ldaps://).  As detailed in RFC 2830,
OpenLDAP supports use of SASL/EXTERNAL to use authentication
identity provided by the lower level (TLS/SSL) in establishment
of the LDAP authentication and authorization associations.
This includes support for identity mapping and proxy authorization

In absence of a successfully completed SASL/EXTERNAL operation
or other bind operation, the LDAP association is anonymous per
RFC 2829.