
Re: OpenLDAP with ssl client certs



Brent Bice wrote:
     I was recently asked if we could use ssl client certs as a 2nd form
of authentication with OpenLDAP and didn't know for sure.  Is it
possible to have OpenLDAP require both a DN/password pair *and* a client
ssl cert?

You can make the server require a client cert, but it won't use the certificate identity for anything unless you Bind with SASL/EXTERNAL.

http://www.openldap.org/doc/admin24/sasl.html#EXTERNAL

And naturally, if you're using SASL, then the DN/password pair is ignored.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
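As an added illustration of the two points in the reply (not part of the original thread or of the OpenLDAP project's own examples), here is a hypothetical slapd.conf fragment that makes slapd demand a client certificate on every TLS session and maps the certificate subject to a directory entry for SASL/EXTERNAL binds. All file paths, the DN shape in the authz-regexp, and the dc=example,dc=com suffix are assumptions for the example; the directive names (TLSVerifyClient, TLSCACertificateFile, authz-regexp) are real slapd.conf directives.

```conf
# --- slapd.conf fragment (constructed example; paths and DNs are assumptions) ---

# Server keypair and the CA that issued client certificates.
TLSCACertificateFile   /etc/openldap/certs/client-ca.pem
TLSCertificateFile     /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile  /etc/openldap/certs/slapd-key.pem

# "demand": the TLS handshake fails unless the client presents a certificate
# that chains to TLSCACertificateFile. This only gates the session; it does not
# by itself authenticate any LDAP operation (a simple bind with DN/password on
# top of it is still just a password bind).
TLSVerifyClient demand

# Map the certificate subject DN (what SASL/EXTERNAL presents as the
# authentication identity on a TLS session) to an entry under the suffix.
# Example: a cert with subject cn=jdoe,ou=People,o=Example Org,c=US
# is looked up as (cn=jdoe) under dc=example,dc=com. Match the regexp to
# the subject form your CA actually issues.
authz-regexp
  "^cn=([^,]+),ou=People,o=Example Org,c=US$"
  "ldap:///dc=example,dc=com??sub?(cn=$1)"

# Client side (assumed ~/.ldaprc), so the client presents its cert and key:
#   TLS_CACERT  /etc/openldap/certs/client-ca.pem
#   TLS_CERT    /home/jdoe/certs/jdoe.pem
#   TLS_KEY     /home/jdoe/certs/jdoe-key.pem
# Then verify the mapping:
#   ldapwhoami -H ldap://ldap.example.com -ZZ -Y EXTERNAL
# which, if the mapping works, reports dn:cn=jdoe,ou=People,dc=example,dc=com
# rather than the raw certificate subject.
```

With this configuration the certificate is checked at the TLS layer for every connection, and the certificate identity is used for authorization only when the client binds with SASL/EXTERNAL; a simple bind on the same connection still authenticates by DN and password alone, which is exactly the limitation the reply describes.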