Hello all,
Having a hard time finding the answer to this question...
What are the security implications concerning the following setting in slapd.conf: tlsverifyclient allow
I see a lot of OpenLDAP/TLS-related howtos stating to use this setting.
Thanks for any help. -Josh
Josh Mullis <josh.mullis@cox.com> wrote:
> What are the security implications concerning the following setting in slapd.conf: tlsverifyclient allow
As far as I understand, if the client sends a certificate, then slapd can use it to map the client to an LDAP DN, like this:
    authz-regexp cn=foo uid=foo,dc=example,dc=net
If the client does not send a certificate, it can still connect.
openldap-software@openldap.org
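The behaviour discussed in this thread, as an added slapd.conf fragment that is not from either poster or from the OpenLDAP project: it lists what each TLSVerifyClient level does, per slapd.conf(5), and shows the stricter setting beside `allow`. The certificate paths and the DNs in the authz-regexp line are constructed placeholders.

```conf
# slapd.conf fragment (added example; paths and DNs are placeholders)
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/server.pem
TLSCertificateKeyFile  /path/to/server.key

# TLSVerifyClient levels, as documented in slapd.conf(5):
#   never   no client certificate is requested (the default)
#   allow   certificate is requested; if none is sent the session
#           proceeds; if a bad one is sent it is ignored and the
#           session still proceeds
#   try     certificate is requested; if none is sent the session
#           proceeds; if a bad one is sent the session is terminated
#   demand  certificate is requested and required; a missing or bad
#           certificate terminates the session
#
# Setting asked about in the thread (certificate optional):
# TLSVerifyClient allow
#
# Stricter alternative (every TLS client must present a valid certificate):
TLSVerifyClient demand

# Map the certificate subject DN to a directory entry. This applies
# when the client binds with SASL EXTERNAL over the TLS session.
# The subject DN layout matched here is an assumption.
authz-regexp
    "^cn=([^,]+),ou=people,o=example$"
    "uid=$1,dc=example,dc=net"
```

With `allow`, the certificate identity is only used when the client binds with SASL EXTERNAL; a client that sends no certificate still connects and is subject to whatever access rules apply to anonymous or simple binds.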