[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS authentication for slurpd

Adam Brandizzi <brandizzi2@gmail.com> wrote:

> Is it possible to configure slurpd for authenticating on its slave
> slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to
> use a specific X.509 certificate?

I use it roughly that way:

TLSCertificateFile      /etc/openssl/certs/cert.crt
TLSCertificateKeyFile   /etc/openssl/private/cert.key
TLSCACertificateFile    /etc/openssl/certs/cacert.crt
TLSVerifyClient         allow

sasl-secprops none
authz-regexp    "email=info@example.net,cn=slurpd,ou=example
unit,o=example organisation,st=france,c=fr"

database        bdb
suffix          "dc=example,dc=net"
directory       /var/openldap/openldap-data
index           objectClass   pres,eq
updatedn        "cn=slurpd,dc=example,dc=net"
updateref       ldaps://ldapmaster.example.net

access to attrs=userPassword
    by anonymous auth
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * none

access to *
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * read

Emmanuel Dreyfus