On 03/26/12 17:38 +0200, Olivier wrote:
> is there any way to bind an ldap server using user certificates rather
> than user/password ?
> I have experimented with that using "bindmethod=sasl" and
> "tls_cacert=CAFILE" and "tls_cert=PROXYUSERFILE" in olcSyncRepl
> but I would like to also be able to bind ldap with a personal certificate
> rather than with a "user/passwd" when using ldapsearch for example.
> How should I configure my "ldap.conf" and call "ldapsearch" to bind

Add to your ~/.ldaprc:
and in your global ldap.conf (or ~/.ldaprc), configure TLS_CACERT and
other appropriate defaults.
Also configure TLSVerifyClient/olcTLSVerifyClient on the server.
See ldap.conf(5) and slapd-config(5) for details.
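
An added example, not part of the original thread: a small pre-flight check for a user ldaprc before attempting a certificate bind. The reply's own ~/.ldaprc lines are not preserved on this page, so the directives checked here (TLS_CERT, TLS_KEY and SASL_MECH EXTERNAL, all documented in ldap.conf(5)) are an assumption, and the base DN in the usage comment is constructed.

```shell
#!/bin/sh
# Added example: lint a user ldaprc before attempting a certificate bind.
# Directive names come from ldap.conf(5); that these are the ones needed
# for this thread's setup is an assumption.

# Print the value of directive $2 in file $1 (names are case-insensitive,
# the last occurrence is reported, '#' comment lines never match).
ldaprc_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$1"
}

# Return 0 if $1 is ready for a SASL EXTERNAL bind, otherwise:
#   1 = directive missing or wrong, 2 = file unreadable, 3 = key too open.
check_ldaprc() {
    rc_file=$1
    [ -r "$rc_file" ] || { echo "cannot read $rc_file" >&2; return 2; }
    cert=$(ldaprc_get "$rc_file" TLS_CERT)
    key=$(ldaprc_get "$rc_file" TLS_KEY)
    mech=$(ldaprc_get "$rc_file" SASL_MECH)

    [ -n "$cert" ] || { echo "TLS_CERT not set" >&2; return 1; }
    [ -n "$key" ]  || { echo "TLS_KEY not set" >&2; return 1; }
    # Without SASL_MECH EXTERNAL the client must pass -Y EXTERNAL itself.
    [ "$mech" = "EXTERNAL" ] || { echo "SASL_MECH is not EXTERNAL" >&2; return 1; }

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done

    # The private key must carry no group/other permission bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$key mode too open" >&2; return 3; }
    return 0
}

# Usage (constructed base DN; -ZZ requires StartTLS to succeed):
#   check_ldaprc "$HOME/.ldaprc" && ldapsearch -ZZ -Y EXTERNAL -b "dc=example,dc=com"
```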