--On Tuesday, February 14, 2017 3:16 AM +0000 ryan@nardis.ca wrote:

I found that useful in a setup very similar to what Andreas and Michael describe: slapd with a server certificate issued by an external/public CA, but trusting only a specific internal CA to authenticate clients.

I found this to be a very common scenario while working for Zimbra. Many of the clients had a commercial sever cert but used their own CA for internal client cert auth. It would be extremely helpful for OpenLDAP to better support these types of configurations.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com