Re: OpenLDAP, SSL and client authentication

At 11:18 AM 5/21/2004, Antonio Ruiz Martínez wrote:
>    I'm a new user of OpenLDAP and I'm trying to configure OpenLDAP
>with client authentication.
>I think I have done the correct steps in order to configure OpenLDAP
>with SSL using only server authentication. I have read that the
>change needed to support client authentication is to change the
>value of TLSVerifyClient. But my problem is the following:
>I would like to configure my directory with some public attributes and
>some private attributes for each user. I would like everybody to be able
>to read the public attributes, and I would like the private attributes
>to be readable only by the owning user. I would like to allow the user to
>read the private attributes when he is authenticated with client
>authentication over SSL. The problem is that, besides the client
>authentication, it asks me for the password, and I wouldn't like to
>enter a password, because with client authentication I can be
>sure the client is the correct user in order to access the private data.
>How can I solve my problem? Can you guide me, please?

Use SASL/EXTERNAL (as discussed in http://www.openldap.org/doc/admin22/tls.html).
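As an added illustration of the approach suggested in this reply (this is example configuration written here, not from the original post or from the OpenLDAP project): a slapd.conf excerpt that asks clients for a certificate, maps the certificate subject onto the user's own entry with `authz-regexp`, and restricts the private attributes to that entry's owner, followed by the client-side `~/.ldaprc` that makes `-Y EXTERNAL` present the user's certificate. All DNs, file paths, the certificate subject form and the attribute names `privateNote` and `homePhone` are constructed assumptions.

```conf
# Added example (not from the original post or the OpenLDAP project).
# All DNs, file paths and the attribute names privateNote/homePhone are
# constructed assumptions; adjust them to the real directory layout.

##### /etc/openldap/slapd.conf (server side) #####

# Server TLS material. The CA file must also contain the CA that issued the
# users' client certificates, otherwise slapd cannot verify them.
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSCertificateFile      /etc/openldap/servercert.pem
TLSCertificateKeyFile   /etc/openldap/serverkey.pem

# "try": request a certificate from every client. A valid certificate
# authenticates the client; a client with no certificate still gets a
# session (so the public attributes stay readable anonymously); an invalid
# certificate aborts the handshake. Use "demand" if every connection must
# carry a certificate.
TLSVerifyClient         try

# With SASL/EXTERNAL the authentication identity is the certificate's
# subject DN. Map it onto the real entry so that "by self" in the ACLs
# below applies. slapd matches the regexp against the normalized
# (lowercased) DN; assumed subject form: cn=<name>,ou=people,o=example,c=es
authz-regexp
    "^cn=([^,]+),ou=people,o=example,c=es$"
    "ldap:///ou=people,dc=example,dc=com??one?(cn=$1)"

# ACLs are evaluated top to bottom; the first matching "access to" wins.
# Passwords are never readable; "auth" keeps simple binds working for
# clients that do not have a certificate.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Private attributes: readable only by the entry's owner, i.e. the DN that
# the authz-regexp mapping above produced from the client certificate.
access to attrs=privateNote,homePhone
    by self read
    by * none

# Everything else is the public part of each entry.
access to *
    by * read

##### ~/.ldaprc (client side, one per user) #####

TLS_CACERT   /home/antonio/cacert.pem
TLS_CERT     /home/antonio/antonio-cert.pem
TLS_KEY      /home/antonio/antonio-key.pem
TLS_REQCERT  demand
```

Two checks are worth running before touching the ACLs. `ldapsearch -x -H ldap://ldap.example.com -b "" -s base supportedSASLMechanisms` confirms that the server advertises EXTERNAL at all. Then `ldapwhoami -H ldap://ldap.example.com -ZZ -Y EXTERNAL` should print the mapped entry DN (`dn:cn=antonio,ou=people,dc=example,dc=com` in this constructed layout); if it prints the raw certificate subject instead, the `authz-regexp` did not match and `by self` will never be satisfied, which is exactly the case where the private attributes stay hidden even though the TLS client authentication succeeded. No password is sent at any point: the TLS handshake with the client certificate is the only credential.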