Adam Brandizzi <[EMAIL PROTECTED]> wrote:

> Is it possible to configure slurpd for authenticating on its slave
> slapd servers using TLS/SASL EXTERNAL? If so, how do I configure it to
> use a specific X.509 certificate?

I use it roughly that way:

TLSCertificateFile      /etc/openssl/certs/cert.crt
TLSCertificateKeyFile   /etc/openssl/private/cert.key
TLSCACertificateFile    /etc/openssl/certs/cacert.crt
TLSVerifyClient         allow

sasl-secprops none
authz-regexp    "[EMAIL PROTECTED],cn=slurpd,ou=example unit,o=example organisation,st=france,c=fr"
                "cn=slurpd,dc=example,dc=net"

database        bdb
suffix          "dc=example,dc=net"
directory       /var/openldap/openldap-data
index           objectClass   pres,eq
updatedn        "cn=slurpd,dc=example,dc=net"
updateref       ldaps://ldapmaster.example.net

access to attrs=userPassword
    by anonymous auth
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * none

access to *
    by dn.exact="cn=slurpd,dc=example,dc=net" write
    by * read

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
[EMAIL PROTECTED]
