On 3/11/22 5:01 PM, Michael Ströder wrote:
> You cannot modify the standard schema. But you can use overlay
> slapo-constraint to limit the number of userPassword values to 1.

Thanks. This is useful, Michael.

> You're speaking about TLS client certs? In theory you could use
> libldap linked to OpenSSL with PKCS#11 support. But even if you manage
> to get it working, the client setup is complicated and the usual
> client software will not easily work with that.

Yeah, TLS client certs. I like complicated, so I may try, but for users
of course, something simpler is better.

> Which users use the LDAP client? systemd has a directive
> LoadCredential= which might also somewhat help.

Ah... this is a new thing to me. Thanks again, Michael. I'm going to look
into it. I notice it's somewhat recent and that Red Hat and variants do
not yet support it.