ACL rule match if client certificate was used?

5 Jun 2012


      Is there any way to create an ACL rule which will match if a client 
certificate was used on the connection or not?
I'd like to do an ACL such as
to attrs=userPassword
by peername.ip="1.2.3.0%255.255.255.0" auth
by client_ssf="64" auth
Also set olcTLSVerifyClient=try
This will let our internal network authenticate against ldap without 
needing a client cert, but anyone outside our internal network must have 
one. We would then use our own CA to create certificates for all the 
clients and tell OpenLDAP to trust only that CA.
Obviously client_ssf doesnt exist, but is there another way of 
accomplishing this goal?
-Patrick

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

ACL rule match if client certificate was used?