Hi Misc,

I have been using ldapd for the past five years for centralized user authorization and authentication for a growing university research group. Secured connections are provided using STARTTLS, even though all queries are done on the private network. More recently I did some more reading and forced all openldap-clients to use FIPS-approved algorithms for higher security protection:

https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf

Things appear to be working like a charm. However, I am a bit confused about doing two things with ldapd. By reading the man page https://man.openbsd.org/ldapd.conf.5 it seems to me that I am able to deny anonymous reads from the machines with a valid certificate of authority for my LDAP server by adding some kind of filter rules. However, I am unable to find any ldapd examples. Secondly, is there a way for ldapd to deny access to client machines which don't present valid client certificates and keys?

Thanks for your help.

Predrag
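The following ldapd.conf fragment is an added illustration of the access-rule syntax described in ldapd.conf(5), not something from the original post or from the OpenBSD project. The interface name (em0), the namespace (dc=example,dc=com), the certificate name ("ldap") and the rootdn are assumed placeholders. It only addresses the first question (refusing anonymous reads while still requiring TLS); it does not show any way to require client certificates, since the manual page cited above does not document such an option. Check every keyword against the ldapd.conf(5) page for your OpenBSD release before relying on it.

```conf
# Added example ldapd.conf fragment (not from the original post).
# Assumed: interface em0, namespace dc=example,dc=com, certificate "ldap".

# Local socket for tools on the server itself.
listen on "/var/run/ldapi"

# Network listener: STARTTLS with the named certificate from /etc/ldap/certs,
# and "secure" so that operations on a cleartext connection are rejected.
listen on em0 port 389 tls certificate "ldap" secure

namespace "dc=example,dc=com" {
        rootdn          "cn=admin,dc=example,dc=com"
        rootpw          "change-me"          # assumed placeholder
        index           uid
        index           cn
}

# Access rules. Anonymous binds get nothing; authenticated users may read
# the whole tree; each user may only write its own entry.
deny access to any by anonymous
allow read access to subtree "dc=example,dc=com" by authenticated
allow write access to subtree "dc=example,dc=com" by self
```

With these rules an unauthenticated search against the namespace is refused, so a client that has the server's CA certificate but does not bind with credentials still cannot read the directory. Test it with `ldapsearch -ZZ -x -b dc=example,dc=com` (anonymous, should fail) and then with `-D uid=someone,...,dc=example,dc=com -W` (authenticated, should succeed).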

