[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: tlsverifyclient security implications
Josh Mullis <josh.mullis@cox.com> wrote:
> What are the security implications concerning the following setting in
> slapd.conf:
> tlsverifyclient allow
As far as I understand, if the client sends a certificate, then slapd
can use it to map client to a LDAP DN, like this:
authz-regexp cn=foo uid=foo,dc=example,dc=net
If the client does not send a certificate, it can still connect.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org