[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to bind ldap2.4 with user certificate ?

On 03/26/12 17:38 +0200, Olivier wrote:

is there any way to bind an ldap server using user certificates rather
than user/password ?

I have experimented that using "bindmethod=sasl" and "saslmech=external"
"tls_cacert=CAFILE" and "tls_cert=PROXYUSERFILE" in olcSyncRepl section,
but I would like to also be able to bind ldap with a personnal certificate
rather than with a "user/passwd" when using ldapsearch for example.

How should I configure my "ldap.conf" and call "ldapsearch" to bind as
such ?

Add to your ~/.ldaprc:

TLS_CERT <filename>
TLS_KEY <key>

and in your global ldap.conf (or ~/.ldaprc), configure TLS_CACERT and
other appropriate defaults.

Also configure TLSVerifyClient/olcTLSVerifyClient on the server.

See ldap.conf(5) and slapd-config(5) for details.

Dan White