On Tue, Feb 9, 2010 at 5:20 AM, Wallace Wadge <[email protected]> wrote:
> Hi,
>
> I have a requirement to only allow trusted clients to connect and fetch data
> off the apache DS (+ ability to revoke access). In other words I
> require certificate based client authentication.
>
> Is this supported by Apache DS at all? I trawled all the docs I could find
> but didn't find any suitable references.
>

This is not supported fully but can be easily implemented. The capability is there but a whitelist is needed, or rather, to be exact, some kind of authorization configuration is needed to determine which clients must authenticate with their certificate, and a configuration parameter to toggle normal authentication with passwords needs to be added. If this is done then the underlying MINA SSL capabilities should be sufficient, with cert extraction from the DIT to validate the credentials of the client and authorize the connection.

--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
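
Added example, not part of the original message and not Apache DS code: a Java sketch of the decision logic the reply describes (a list of clients that must use a certificate, a toggle for password authentication, and a comparison of the presented certificate with the one stored in the directory). The class name, the map standing in for the DIT lookup, the DNs and the certificate bytes are all assumptions; chain validation is assumed to happen in the TLS layer.

```java
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical policy class; none of these names come from Apache DS.
public class CertBindPolicy {
    enum Decision { ALLOW, DENY }

    private final Set<String> certRequired;        // DNs that must authenticate with a certificate
    private final boolean passwordBindEnabled;     // toggle for normal password authentication
    private final Map<String, byte[]> storedCerts; // stand-in for reading the entry's certificate from the DIT

    CertBindPolicy(Set<String> certRequired, boolean passwordBindEnabled, Map<String, byte[]> storedCerts) {
        this.certRequired = certRequired;
        this.passwordBindEnabled = passwordBindEnabled;
        this.storedCerts = storedCerts;
    }

    // presentedDer: DER encoding of the TLS peer certificate (for example from
    // SSLSession.getPeerCertificates()[0].getEncoded()), or null if none was sent.
    // DNs are assumed to be normalized by the caller.
    Decision decide(String dn, byte[] presentedDer, boolean passwordOk) throws Exception {
        if (presentedDer != null) {
            byte[] stored = storedCerts.get(dn);
            if (stored == null) return Decision.DENY; // never enrolled, or revoked by removing the stored cert
            MessageDigest sha = MessageDigest.getInstance("SHA-256");
            byte[] a = sha.digest(presentedDer);
            byte[] b = sha.digest(stored);
            // Constant-time comparison; a mismatch is final, with no fallback to a password.
            return MessageDigest.isEqual(a, b) ? Decision.ALLOW : Decision.DENY;
        }
        if (certRequired.contains(dn) || !passwordBindEnabled) return Decision.DENY;
        return passwordOk ? Decision.ALLOW : Decision.DENY;
    }

    public static void main(String[] args) throws Exception {
        byte[] certA = {0x30, 0x03, 0x02, 0x01, 0x01}; // constructed placeholder bytes, not real certificates
        byte[] certB = {0x30, 0x03, 0x02, 0x01, 0x02};
        String app = "cn=app1,ou=clients,dc=example,dc=com";
        String bob = "uid=bob,ou=people,dc=example,dc=com";
        Map<String, byte[]> dit = new HashMap<>(Map.of(app, certA));
        CertBindPolicy p = new CertBindPolicy(Set.of(app), true, dit);
        System.out.println("app1, matching cert:   " + p.decide(app, certA, false));
        System.out.println("app1, different cert:  " + p.decide(app, certB, false));
        System.out.println("app1, password only:   " + p.decide(app, null, true));
        System.out.println("bob, password only:    " + p.decide(bob, null, true));
        dit.remove(app); // revocation modelled as deleting the stored certificate
        System.out.println("app1, after revoke:    " + p.decide(app, certA, false));
    }
}
```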
