François Beretti wrote:
No. The code currently requires an entry, and furthermore requires that entry has a userCertificate attribute whose value matches the client certificate.Hi, is it possible to do a SASL/EXTERNAL bind with a TLS certificate, while no user in the directory is mapped to the certificate DN ?
But you do want to use the access control features of Fedora DS on that identity. You are the second person to ask about this recently. This would probably involve quite a few code changes: 1) The client cert auth code would have to allow access by non-existent users. Perhaps we could use the cert db to optionally look up the certificate for comparison.If yes, is it possible then to give rights to certificate DN (so, to a DN that is not in the directory) ? I would like this if I don't want to store users in a directory (because they already are in another one.
2) The access control code would have to allow access by non-existent users.If the identity store is another LDAP server, you may be able to use chaining.
Thank you François -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
