[Date Prev][Date Next] [Chronological] [Thread] [Top]

Different TLSVerifyClient possible?



I start slapd on two adresses (localhost and external adress).

For security reasons slapd.conf contains

  TLSVerifyClient demand

For the slapd running on 127.0.0.1 I want to reduce TLSVerifyClient to
never so only the slapd serving the external adress strictly depends on
a valid client-cert. Otherwise I had to generate a client-cert for each
local service which uses ldap.

Is this possible without using alternatives like stunnel?

TIA, Martin