[389-users] Certificate based Authentication

David Partridge dpartridge at tangible.net
Thu Sep 15 22:37:27 UTC 2011


Attempting to configure Certificate based authentication with SASL External
such that if TLS successfully completed the user is authenticated by
certificate DN as an authenticated user without the requirement for the
corresponding DN to be present in the Directory Server.

nsslapd-sasl-force-external: on is part of the puzzle. What other SASL
mapping configurations are required to allow successful completion of
authenticated access? We can complete OU, O, C RDN value mappings and
properly configure certificate trust for clients, but cannot necessarily
make any mappings on certificate CN RDN values.


Example cert DN value:  cn=[Lastname.Firstname.MI], OU=[Affiliation],
O=[Company Name], C=[ISO 3166 Country Code]

where OU could be multivalued in the cert RDN.

David M. Partridge
dpartridge at tangible.net