[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL rule match if client certificate was used?

To: Patrick Hemmer <openldap@stormcloud9.net>
Subject: Re: ACL rule match if client certificate was used?
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 05 Jun 2012 21:59:40 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <4FCE4522.4050102@stormcloud9.net>
References: <4FCE4522.4050102@stormcloud9.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120429 Firefox/12.0 SeaMonkey/2.9.1

Patrick Hemmer wrote:
> Is there any way to create an ACL rule which will match if a client
> certificate was used on the connection or not?

This is usually not done via ACLs.

Basically you define an appropriate authz-regexp to map the subject DN of the
cert (part of authc-DN) to an LDAP entry DN (authz-DN).
Then your client has to send a SASL bind request with mechanism EXTERNAL.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: ACL rule match if client certificate was used?
  - From: Patrick Hemmer <openldap@stormcloud9.net>

References:
- ACL rule match if client certificate was used?
  - From: Patrick Hemmer <openldap@stormcloud9.net>

Prev by Date: Re: slaptest conversion of acl regex'es drops backslashes (correct resubmission 2)
Next by Date: Re: ACL rule match if client certificate was used?
Index(es):
- Chronological
- Thread