[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SUMMARY Re: client certificates -- howto?

To: openldap-software@OpenLDAP.org
Subject: Re: SUMMARY Re: client certificates -- howto?
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Sun, 21 Sep 2003 23:45:11 +0200
In-reply-to: <1064173476.24610.139.camel@ron> (Jeff Warnica's message of "21 Sep 2003 16:44:37 -0300")
References: <1064015210.17179.68.camel@ron> <m3k784j6h7.fsf@marin.l4b.de> <1064085111.25017.4.camel@ron> <m34qz75ccz.fsf@marin.l4b.de> <1064098450.25017.15.camel@ron> <1064173476.24610.139.camel@ron>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Jeff Warnica <jeffw@chebucto.ns.ca> writes:

> After finishing up the summary I have a few questions:
>
> 1) Why isnt ldapwhoami converting "0.9.2342.19200300.100.1.1" to
>    "uid"?
don't know

> 2) Why is the SSF 0?

Because slapd is not aware of the security strength factor of an
external certificate, but there is a tls_ssf, see man slapd.access

> 3) Is there a .ldaprc directive to use the sasl EXTERNAL mech all the
> time?

See man ldap.conf

SASL_MECH EXTERNAL
would to the trick.

-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

Follow-Ups:
- Re: SUMMARY Re: client certificates -- howto?
  - From: Dieter Kluenter <dieter@dkluenter.de>

References:
- client certificates -- howto?
  - From: Jeff Warnica <jeffw@chebucto.ns.ca>
- Re: client certificates -- howto?
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: client certificates -- howto?
  - From: Jeff Warnica <jeffw@chebucto.ns.ca>
- Re: client certificates -- howto?
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: client certificates -- howto?
  - From: Jeff Warnica <jeffw@chebucto.ns.ca>
- SUMMARY Re: client certificates -- howto?
  - From: Jeff Warnica <jeffw@chebucto.ns.ca>

Prev by Date: RE: SUMMARY Re: client certificates -- howto?
Next by Date: Re: OpenLDAP on my Mac
Index(es):
- Chronological
- Thread