[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL rule match if client certificate was used?

Patrick Hemmer wrote:
> Is there any way to create an ACL rule which will match if a client
> certificate was used on the connection or not?

This is usually not done via ACLs.

Basically you define an appropriate authz-regexp to map the subject DN of the
cert (part of authc-DN) to an LDAP entry DN (authz-DN).
Then your client has to send a SASL bind request with mechanism EXTERNAL.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature