Hello!
Is it possible to configure slurpd for authenticating on its slave slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to use a specific X.509 certificate?
Thanks in advance!
Hi,
"Adam Brandizzi" brandizzi2@gmail.com writes:
Hello!
Is it possible to configure slurpd for authenticating on its slave slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to use a specific X.509 certificate?
create a user certificate with DN of the identity in question, place this user certificate with key and CA in some place, define TLS options in ldaprc of the identity. Configure client and slapd to request a certificate.
-Dieter
Adam Brandizzi brandizzi2@gmail.com wrote:
Is it possible to configure slurpd for authenticating on its slave slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to use a specific X.509 certificate?
I use it roughly that way:
    TLSCertificateFile    /etc/openssl/certs/cert.crt
    TLSCertificateKeyFile /etc/openssl/private/cert.key
    TLSCACertificateFile  /etc/openssl/certs/cacert.crt
    TLSVerifyClient       allow

    sasl-secprops none
    authz-regexp
        "email=info@example.net,cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
        "cn=slurpd,dc=example,dc=net"

    database  bdb
    suffix    "dc=example,dc=net"
    directory /var/openldap/openldap-data
    index     objectClass pres,eq
    updatedn  "cn=slurpd,dc=example,dc=net"
    updateref ldaps://ldapmaster.example.net

    access to attrs=userPassword
        by anonymous auth
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * none

    access to *
        by dn.exact="cn=slurpd,dc=example,dc=net" write
        by * read
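The steps in Dieter's reply (issue a client certificate for the slurpd identity, put cert, key and CA somewhere, point the identity's ldaprc at them) and the authz-regexp in the config above, carried out as one script. This is an added example, not code from either poster or from the OpenLDAP project: the CA, file locations and the exact subject are assumptions, and the lower-cased, emailAddress-as-"email" form of the subject is taken from what the config above matches against; confirm the real authentication DN with `ldapwhoami -Y EXTERNAL`, which prints `dn:` followed by the identity the server ended up with. The slave must have TLSVerifyClient set to at least `allow` (as above); with `never` it does not request a certificate and EXTERNAL has no identity to map.

```shell
#!/bin/sh
# Added example (editor's, not from the thread): build a throwaway CA and a
# client certificate for the slurpd identity, write the ldaprc that makes
# the LDAP client library present it, and derive an anchored authz-regexp
# from the certificate's real subject. Paths, names and the CA are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Subject for the client cert; the components mirror the thread's config.
CLIENT_SUBJ="/C=fr/ST=france/O=example organisation/OU=example unit/CN=slurpd/emailAddress=info@example.net"

make_ca() {
    # Self-signed CA; the slave slapd trusts it via TLSCACertificateFile.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/C=fr/O=example organisation/CN=example CA" \
        -keyout "$WORK/cacert.key" -out "$WORK/cacert.crt" 2>/dev/null
}

make_client_cert() {
    # Key and CSR for the slurpd identity, signed by the CA above.
    openssl req -new -newkey rsa:2048 -nodes -subj "$CLIENT_SUBJ" \
        -keyout "$WORK/slurpd.key" -out "$WORK/slurpd.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/slurpd.csr" \
        -CA "$WORK/cacert.crt" -CAkey "$WORK/cacert.key" -CAcreateserial \
        -out "$WORK/slurpd.crt" 2>/dev/null
}

cert_subject_dn() {
    # Subject in RFC 2253 order (most specific RDN first), lower-cased, with
    # emailAddress written as "email=": the form the thread's authz-regexp is
    # written against. Confirm the real value with ldapwhoami (see main).
    openssl x509 -in "$WORK/slurpd.crt" -noout -subject -nameopt RFC2253 \
        | sed -e 's/^subject= *//' \
        | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/^emailaddress=/email=/'
}

authz_regexp_line() {
    # Anchor the pattern so only this exact subject maps to the update DN
    # (a certificate carrying an extra leading RDN would otherwise match as
    # a substring), and make "." literal via "[.]" so "example.net" cannot
    # match "exampleXnet". "." is the only regex metacharacter in this DN.
    pattern=$(cert_subject_dn | sed -e 's/\./[.]/g')
    printf 'authz-regexp "^%s$" "cn=slurpd,dc=example,dc=net"\n' "$pattern"
}

write_ldaprc() {
    # User-level ldaprc for the account slurpd runs as. TLS_CERT and TLS_KEY
    # are user-only options, so they belong here, not in the system ldap.conf.
    cat > "$WORK/ldaprc" <<EOF
TLS_CACERT  $WORK/cacert.crt
TLS_CERT    $WORK/slurpd.crt
TLS_KEY     $WORK/slurpd.key
TLS_REQCERT demand
EOF
}

main() {
    make_ca
    make_client_cert
    write_ldaprc
    echo "client authcDN (expected): $(cert_subject_dn)"
    echo "add to the slave's slapd.conf:"
    authz_regexp_line
    echo "then, as the slurpd user with $WORK/ldaprc installed as ~/.ldaprc:"
    echo "  ldapwhoami -H ldaps://ldapmaster.example.net -Y EXTERNAL"
}

# Do nothing where openssl is unavailable so the file can still be sourced.
if command -v openssl >/dev/null 2>&1; then
    main
fi
```

If `ldapwhoami` answers with the certificate subject rather than `dn:cn=slurpd,dc=example,dc=net`, the authz-regexp did not match: compare the printed subject character for character with the pattern, since the match is against the server's normalized form of the DN, not the string in the certificate.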
openldap-software@openldap.org