2016-08-06 20:03 GMT+03:00 Ryan Tandy ryan@nardis.ca:
On Sat, Aug 06, 2016 at 07:14:37PM +0300, Matwey V. Kornilov wrote:
After inspecting the source code I've just found that TLS_KEY and TLS_CERT are ignored if located in /etc/openldap/ldap.conf. Why is it not written in man ldap.conf(5) explicitly?
It is.
TLS_CERT <filename>
    Specifies the file that contains the client certificate. This is a user-only option.
[...]
TLS_KEY <filename>
    Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be protected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.
"User-only" is defined at the top of the page:
Some options are user-only. Such options are ignored if present in
the ldap.conf (or file specified by LDAPCONF).
However, I'll prepare a patch issuing a warning in openldap_ldap_init_w_conf. Do you mind?
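As an added example (not part of this thread and not OpenLDAP's own code), the check a practitioner would want before the proposed libldap warning exists: a small POSIX shell lint that reports user-only options found in a system-wide ldap.conf, where libldap silently ignores them. It knows only the two user-only options quoted above, TLS_CERT and TLS_KEY; the sample file contents are constructed for the demo, and the paths in them are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenLDAP.
# Lint a system-wide ldap.conf for "user-only" options that libldap ignores
# there. Only TLS_CERT and TLS_KEY are known here (the two quoted from
# ldap.conf(5) in the thread); extend USER_ONLY_OPTS if needed.

USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# find_user_only_opts FILE
#   Prints "FILE: <line>" for every non-comment line whose option name is
#   user-only (option names are matched case-insensitively).
#   Returns 1 if at least one such line was found, 0 otherwise.
find_user_only_opts() {
    file="$1"
    found=0
    # "|| [ -n "$line" ]" keeps a final line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        # drop leading whitespace, skip blank and comment lines
        trimmed=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case "$trimmed" in
            ''|'#'*) continue ;;
        esac
        key=$(printf '%s\n' "$trimmed" | awk '{print toupper($1)}')
        for opt in $USER_ONLY_OPTS; do
            if [ "$key" = "$opt" ]; then
                echo "$file: $trimmed"
                found=1
            fi
        done
    done < "$file"
    return $found
}

# Demo on a constructed system-wide ldap.conf (paths are placeholders).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample /etc/openldap/ldap.conf
BASE    dc=example,dc=com
URI     ldaps://ldap.example.com
TLS_CACERT /etc/openldap/ca.pem
tls_cert   /etc/openldap/client-cert.pem
TLS_KEY    /etc/openldap/client-key.pem
EOF

if find_user_only_opts "$demo"; then
    echo "no user-only options in $demo"
else
    echo "the options above are ignored in a system-wide ldap.conf;" \
         "move them to ~/.ldaprc or set LDAPTLS_CERT / LDAPTLS_KEY"
fi
rm -f "$demo"
```

The two flagged lines are the ones libldap discards; per ldap.conf(5) they belong in the user's own ldaprc (for example ~/.ldaprc) or in the environment as LDAPTLS_CERT and LDAPTLS_KEY. Because the man page also says the key must not be password-protected, keep the key file, and any ldaprc naming it, readable by that user alone.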