Re: Different TLSVerifyClient possible?


Martin Lesser <admin-openldap@better-com.de> writes:

> I start slapd on two addresses (localhost and external address).
> For security reasons slapd.conf contains
>   TLSVerifyClient demand
> For the slapd running on I want to reduce TLSVerifyClient to
> never so only the slapd serving the external address strictly depends on
> a valid client-cert. Otherwise I would have to generate a client-cert for each
> local service which uses ldap.

Set TLSVerifyClient allow in slapd.conf and TLS_REQCERT try in your
hosts' /etc/openldap/ldap.conf. Thus you only have to generate
client-certs for each host and not for each service.

