On 3/11/22 5:01 PM, Michael Ströder wrote:
> You cannot modify the standard schema. But you can use overlay slapo-constraint to limit the number of userPassword values to 1.

Thanks. This is useful, Michael.

> You're speaking about TLS client certs? In theory you could use libldap linked to OpenSSL with PKCS#11 support. But even if you manage to get it working, the client setup is complicated and the usual client software will not easily work with that.

Yeah, TLS client certs. I like complicated, so I may try, but for users of course, something simpler is better.

> Which users use the LDAP client? systemd has a directive LoadCredential= which might also somewhat help.

Ah... this is a new thing to me. Thanks again, Michael. I'm going to look into it. I notice it's somewhat recent and that RedHat and variants do not yet support it.