Is it possible to configure OpenLDAP to trust all certs for validity but then also check a CRL to see if the certificate may have been revoked (to reject it)?

Sounds crazy to me and I highly doubt it but I'm asking because somebody handing us requirements is convinced that it is possible to not have connectivity to a CA, and validate a user cert for login using only a CRL.

Does that make any sense at all?


Thanks,
--
Frank