Hi Andrew

>I suspect that you do not want that. It would force every client to
>have a client-side X.509 certificate. Good for secure authentication,
>but more effort to manage than most people are prepared to handle.

Is it because of the certificate expiration or something like that that's hard to maintain?

>That is because you tried to add it to a database but it is a global option.

I added to the global section cn=config and do not see it.

>Are you really using the BDB database? It has been deprecated for some time now.
>I would suggest using MDB

Yes my bad, after I went to production, I was told that backend was deprecated, is there any doc related to migrate from one backend to another or should I reconfigure the whole database from scratch ?

Thanks for your time and support, really appreciated.
Regards.

2014-10-30 9:23 GMT-03:00 Andrew Findlay <[email protected]>:

> On Thu, Oct 30, 2014 at 08:11:31AM -0300, Net Warrior wrote:
>
> > 1 ) Added tls_reqcert demand to the client side
> > 2 ) Configured a user to bind instead of anonymous
> > binddn cn=ldapuser,Ou=Users,dc=server,dc=com
> > bindpwd :$6$oZ8qYohy$lU0sYJXInOO1ISO4WKgzeuDyyFh9a
>
> Good.
>
> > 3 ) Added olcTLSVerifyClient:demand to server side:
>
> I suspect that you do not want that. It would force every client to
> have a client-side X.509 certificate. Good for secure authentication,
> but more effort to manage than most people are prepared to handle.
>
> > Object added to server:
> >
> > dn: olcDatabase={2}bdb,cn=config
> > changetype:modify
> > add: olcTLSVerifyClient:demand
> >
> > Still I did not correct my ACL but I do not see olcTLSVerifyClient:demand
> > reflected on my configuration
>
> That is because you tried to add it to a database but it is a global
> option.
>
>
> Are you really using the BDB database? It has been deprecated for some
> time now.
> I would suggest using MDB.
>
> Andrew
> --
> -----------------------------------------------------------------------
> |                 From Andrew Findlay, Skills 1st Ltd                 |
> | Consultant in large-scale systems, networks, and directory services |
> |     http://www.skills-1st.co.uk/                +44 1628 782565     |
> -----------------------------------------------------------------------
>
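
An added example, not part of the original messages: a small Python check for the two problems in the quoted change record, a database DN used for a global option and the attribute and value run together on the `add:` line. The function name, the `GLOBAL_ONLY` subset and `FIXED_LDIF` are assumptions made for illustration.

```python
# Added example, not code from the thread. GLOBAL_ONLY is a small subset of
# slapd's global (olcGlobal) TLS attributes, chosen for illustration.
GLOBAL_ONLY = {"olctlsverifyclient", "olctlscacertificatefile",
               "olctlscertificatefile", "olctlscertificatekeyfile"}

# The change record exactly as quoted in the thread.
THREAD_LDIF = """dn: olcDatabase={2}bdb,cn=config
changetype:modify
add: olcTLSVerifyClient:demand
"""

# Constructed: same change, aimed at the global entry with a separate value line.
FIXED_LDIF = """dn: cn=config
changetype: modify
add: olcTLSVerifyClient
olcTLSVerifyClient: demand
"""

def lint_change_record(ldif):
    """Return human-readable findings for one LDIF modify record."""
    findings, dn, pending = [], None, None

    def close_op():
        # An add: that was never followed by "<attr>: <value>" adds nothing.
        if pending is not None:
            findings.append(f"no '{pending}: <value>' line follows 'add: {pending}'")

    for raw in ldif.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if line == "-":                      # end of one modification
            close_op(); pending = None
        elif key.lower() == "dn":
            dn = value.lower().replace(" ", "")
        elif key.lower() in ("add", "replace", "delete"):
            close_op()
            attr, colon, _ = value.partition(":")
            attr = attr.strip()
            if colon:                        # e.g. "add: attr:value" on one line
                findings.append(f"'{key}: {value}' is malformed; write '{key}: {attr}' then '{attr}: <value>'")
            pending = attr if key.lower() == "add" and not colon else None
            if attr.lower() in GLOBAL_ONLY and dn != "cn=config":
                findings.append(f"{attr} is a global option; use 'dn: cn=config', not '{dn}'")
        elif pending is not None and key.lower() == pending.lower():
            pending = None                   # the value line for the pending add
    close_op()
    return findings
```

The check only looks at where and how the option is written; whether `demand` is wanted at all is the separate question raised in the reply above.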
