
Re: TLS authentication for slurpd



Adam Brandizzi <brandizzi2@gmail.com> wrote:

> Is it possible to configure slurpd for authenticating on its slave
> slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to
> use a specific X.509 certificate?

I use it roughly that way:

TLSCertificateFile      /etc/openssl/certs/cert.crt
TLSCertificateKeyFile   /etc/openssl/private/cert.key
TLSCACertificateFile    /etc/openssl/certs/cacert.crt
TLSVerifyClient         allow

sasl-secprops none
authz-regexp    "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
                "cn=slurpd,dc=example,dc=net"

database        bdb
suffix          "dc=example,dc=net"
directory       /var/openldap/openldap-data
index           objectClass   pres,eq
updatedn        "cn=slurpd,dc=example,dc=net"
updateref       ldaps://ldapmaster.example.net

access to attrs=userPassword
    by anonymous auth
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * none

access to *
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * read

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
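
Added example, not part of the original message and not OpenLDAP code: a small Python model of how the authz-regexp line above maps the certificate subject to the updatedn, and what a client with another certificate, or none (TLSVerifyClient allow), ends up as. Assumptions: slapd hands the subject over as a lowercase comma-separated DN (the form the pattern is written in) and searches the pattern unanchored and case-insensitively; the certificate subjects are constructed.

```python
import re

# Values copied from the slapd.conf in the message above.
AUTHZ_MATCH = ("email=info@example.net,cn=slurpd,ou=example unit,"
               "o=example organisation,st=france,c=fr")
AUTHZ_REPLACE = "cn=slurpd,dc=example,dc=net"
UPDATEDN = "cn=slurpd,dc=example,dc=net"

# Stricter form of the same rule: literal dots, anchored at both ends.
STRICT_MATCH = "^" + AUTHZ_MATCH.replace(".", r"\.") + "$"

# Constructed certificate subjects (not taken from any real certificate).
SLURPD_CERT = ("email=info@example.net,cn=slurpd,ou=example unit,"
               "o=example organisation,st=France,c=FR")
OTHER_CERT = ("email=bob@example.net,cn=bob,ou=example unit,"
              "o=example organisation,st=france,c=fr")
# Differs only where the pattern has an unescaped "."; relevant only if the
# trusted CA would ever issue such a subject.
LOOKALIKE_CERT = SLURPD_CERT.replace("example.net", "exampleXnet")


def normalise(subject_dn):
    """Assumed normalisation: trim spaces around RDNs, lowercase the DN."""
    return ",".join(rdn.strip() for rdn in subject_dn.split(",")).lower()


def map_identity(subject_dn, pattern=AUTHZ_MATCH):
    """Return the DN the client is authorised as, or None if unmapped."""
    if subject_dn is None:  # no client certificate presented
        return None
    if re.search(pattern, normalise(subject_dn), re.IGNORECASE):
        return AUTHZ_REPLACE
    return None


def may_replicate(subject_dn, pattern=AUTHZ_MATCH):
    """True only when the mapped identity is the updatedn of the database."""
    return map_identity(subject_dn, pattern) == UPDATEDN


if __name__ == "__main__":
    for name, dn in [("slurpd", SLURPD_CERT), ("other", OTHER_CERT),
                     ("no cert", None), ("lookalike", LOOKALIKE_CERT)]:
        print(name, may_replicate(dn), may_replicate(dn, STRICT_MATCH))
```

To see the subject of the real certificate in this DN form, `openssl x509 -noout -subject -nameopt RFC2253 -in cert.crt` prints it; compare it with the first argument of authz-regexp.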