Re: OpenLDAP with ssl client certs
Brent Bice wrote:
I was recently asked if we could use ssl client certs as a 2nd
form
of authentication with OpenLDAP and didn't know for sure. Is it
possible to have OpenLDAP require both a DN/password pair *and* a client
ssl cert?
You can make the server require a client cert, but it won't use the
certificate identity for anything unless you Bind with SASL/EXTERNAL.
http://www.openldap.org/doc/admin24/sasl.html#EXTERNAL
And naturally, if you're using SASL, then the DN/password pair is ignored.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/