[Date Prev][Date Next]
RE: User certs checking
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of tsg
> hi all!
> 1. As I understood, openldap (v 2.1.12) when verifying user
> checks only CA, signed sertificate, but not the certificate
> itself and not
> the user dn in it. Is it true? How can make openldap check the user
> certificate and user DN?
The user certificate is checked. The DN in the certificate is extracted and
its syntax is checked. An invalid DN is rejected. Ordinarily, you cannot
create a cert with an invalid DN, so it's very rare for the DN to get
> 2. Does openldap works with CRLs?
OpenLDAP does nothing special for revocation lists. Whether or not OpenSSL
does anything with them automatically, I don't recall.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support