Re: TLS client certificate pb
Tony Earnshaw <tonni@billy.demon.nl> writes:
> tir, 2003-03-04 kl. 13:15 skrev Francois Beretti
>
>> I still haven't found how to have tls working with client certificate
>> verification...
>>
>> Is it required for this to use SASL EXTERNAL ?
> SASL External is simply wire encryption (either ssl or tls). Client
> certificates are not needed for it.
No, here you are wrong, External is a SASL mechanism for authentication.
Just write a saslRegexp to match your CN and you can use certificates
to authenticate. Here is the output of my certificate:
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.--
ieter@marin:/usr/local/bin> ./ldapsearch -Y EXTERNAL -ZZ -b "cn=connections,cn=monitor" -s base
SASL/EXTERNAL authentication started
SASL username: Email=dieter@xxxxx,CN=Dieter Kluenter\2Cou=partner\2Cou=users\2Co=avci\2Cc=de,OU=ldapclient,O=avci,L=Hamburg,ST=Germany,C=DE
SASL SSF: 0
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
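
The following is an added illustration, not part of the message above and not OpenLDAP code: a Python model of how a match/replace rule of the kind `saslRegexp` takes would rewrite the SASL username shown in the ldapsearch output into a directory DN. Both patterns, the target DN and the second certificate subject are constructed assumptions; the model uses Python regex syntax and shows why the match should be anchored to the full subject.

```python
import re

# SASL username exactly as printed in the ldapsearch output in the message.
SASL_USERNAME = (r"Email=dieter@xxxxx,CN=Dieter Kluenter\2Cou=partner\2Cou=users"
                 r"\2Co=avci\2Cc=de,OU=ldapclient,O=avci,L=Hamburg,ST=Germany,C=DE")

# Constructed: a subject from a different organisation that reuses the same CN.
OTHER_SUBJECT = "CN=Dieter Kluenter,OU=test,O=other,C=DE"

# Hypothetical target entry; $1 is the first parenthesised group of the match.
REPLACE = "cn=$1,ou=partner,ou=users,o=avci,c=de"

# Loose rule (assumption): looks at the CN only, anywhere in the subject.
LOOSE_MATCH = r"CN=([^\\,]+)"

# Anchored rule (assumption): the whole subject must have the expected shape.
STRICT_MATCH = (r"^Email=[^,]+,CN=([^\\,]+)\\2Cou=partner\\2Cou=users\\2Co=avci"
                r"\\2Cc=de,OU=ldapclient,O=avci,L=Hamburg,ST=Germany,C=DE$")


def apply_rule(match, replace, sasl_name):
    """Model of a match/replace rule: return the rewritten DN, or None."""
    m = re.search(match, sasl_name)
    if m is None:
        return None  # no mapping: the identity stays as the raw subject
    # Substitute $1..$9 with the captured groups; the result is the replace
    # string only, not an in-place edit of the original name.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)


def mapping_report():
    """Map both subjects under both rules for side-by-side comparison."""
    return {
        (rule, who): apply_rule(pattern, REPLACE, name)
        for rule, pattern in (("loose", LOOSE_MATCH), ("strict", STRICT_MATCH))
        for who, name in (("page", SASL_USERNAME), ("other", OTHER_SUBJECT))
    }


if __name__ == "__main__":
    for key, dn in mapping_report().items():
        print(key, "->", dn)
```

With the loose pattern, any certificate the server's TLS trust chain accepts and that carries the same CN maps to the same entry; the anchored pattern leaves that subject unmapped.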