..."If the client does not send a certificate, it can still connect."
Does that mean that traffic is still encrypted if a certificate is not used?

----- Original Message -----
From: Emmanuel Dreyfus <[email protected]>
To: Mullis, Josh (CCI-Atlanta); [email protected] <[email protected]>
Sent: Sun Aug 23 02:59:05 2009
Subject: Re: tlsverifyclient security implications

Josh Mullis <[email protected]> wrote:

> What are the security implications concerning the following setting in
> slapd.conf:
> tlsverifyclient allow

As far as I understand, if the client sends a certificate, then slapd
can use it to map client to a LDAP DN, like this:
authz-regexp cn=foo uid=foo,dc=example,dc=net

If the client does not send a certificate, it can still connect.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
[email protected]
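
Added example, not part of the original messages and not taken from the OpenLDAP distribution: a slapd.conf fragment that puts the thread's tlsverifyclient and authz-regexp lines in context beside a stricter variant. The certificate paths are placeholders, and the demand and security lines are assumptions about what a stricter deployment would choose.

```conf
# Server-side TLS identity (placeholder paths, not from the thread).
# The TLS session is negotiated against this certificate whether or
# not the client presents one of its own.
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/slapd-cert.pem
TLSCertificateKeyFile  /path/to/slapd-key.pem

# Setting discussed in the thread: the server asks for a client
# certificate. A client that sends none, or sends one that does not
# verify, is still allowed to continue the session.
TLSVerifyClient allow

# Stricter variant (assumption, not from the thread): refuse the TLS
# handshake unless the client presents a certificate that verifies
# against TLSCACertificateFile.
#TLSVerifyClient demand

# Mapping quoted in the thread: an authentication identity matching
# cn=foo is rewritten to the directory entry uid=foo,dc=example,dc=net.
# With client certificates this applies to SASL EXTERNAL binds, where
# the certificate subject becomes the authentication identity.
authz-regexp cn=foo uid=foo,dc=example,dc=net

# Independent of client certificates (assumption, not from the thread):
# reject operations on connections that have no TLS layer, so that
# clients cannot fall back to cleartext LDAP.
security tls=1
```

Client authentication (TLSVerifyClient) and transport protection (the security directive) are configured separately, so each needs its own check when reviewing a slapd.conf.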
