
Re: SSL client certificate mapping?



At 07:16 AM 2001-12-11, Kartik Subbarao wrote:
>I hadn't gotten any conclusive answers to some questions I asked last week, so I thought I'd ask them again:

OpenLDAP supports client assertion of certificates when using
TLS (StartTLS) or SSL (ldaps://).  As detailed in RFC 2830,
OpenLDAP supports the use of SASL/EXTERNAL to use the authentication
identity provided by the lower level (TLS/SSL) in the establishment
of the LDAP authentication and authorization associations.
This includes support for identity mapping and proxy authorization
policy.

In the absence of a successfully completed SASL/EXTERNAL operation
or other bind operation, the LDAP association is anonymous per
RFC 2829.

Kurt
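
Added example, not part of the original message or of OpenLDAP's code: the two requests mentioned above (the RFC 2830 StartTLS extended request and a SASL/EXTERNAL bind) built as BER bytes, with a small model showing that the association stays anonymous until the EXTERNAL bind is sent. The function names and state labels are illustrative assumptions, and the model assumes the client presented a certificate during the TLS handshake.

```python
# Added example: LDAPv3 requests as BER bytes plus a model of association state.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 2830)

def tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def message(msg_id, op):
    """LDAPMessage ::= SEQUENCE { messageID, protocolOp } (msg_id < 128 here)."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def starttls_request(msg_id):
    # ExtendedRequest is [APPLICATION 23]; requestName is context tag [0].
    return message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def bind_request(msg_id, auth):
    # BindRequest is [APPLICATION 0]: version 3, empty name, then the auth choice.
    return message(msg_id, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + auth))

def sasl_external(msg_id):
    # sasl is choice [3]: SaslCredentials { mechanism "EXTERNAL", no credentials }.
    return bind_request(msg_id, tlv(0xA3, tlv(0x04, b"EXTERNAL")))

def association_state(requests):
    """Model only: StartTLS is accepted; binds other than EXTERNAL are not modelled."""
    tls, identity = False, "anonymous"
    for pdu in requests:
        body = read_tlv(pdu)[1]
        op_tag, op, _ = read_tlv(body, read_tlv(body)[2])  # skip messageID
        if op_tag == 0x77 and read_tlv(op)[1] == STARTTLS_OID:
            tls = True
        elif op_tag == 0x60:
            identity = "anonymous"  # a new bind discards the previous identity
            pos = read_tlv(op, read_tlv(op)[2])[2]  # skip version and name
            auth_tag, auth, _ = read_tlv(op, pos)
            # EXTERNAL without TLS has no lower-layer identity to draw on.
            if auth_tag == 0xA3 and read_tlv(auth)[1] == b"EXTERNAL" and tls:
                identity = "certificate subject (SASL/EXTERNAL)"
    return identity
```

Calling `association_state([starttls_request(1)])` shows the point of the second paragraph: a TLS session with a client certificate but no bind is still anonymous.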