François Beretti
2006-Feb-23 14:17 UTC
[Fedora-directory-users] TLS authentication without a user mapped
Hi, is it possible to do a SASL/EXTERNAL bind with a TLS certificate, while no user in the directory is mapped to the certificate DN ? If yes, is it possible then to give rights to certificate DN (so, to a DN that is not in the directory) ? I would like this if I don''t want to store users in a directory (because they already are in another one. Thank you François
Richard Megginson
2006-Feb-23 14:54 UTC
Re: [Fedora-directory-users] TLS authentication without a user mapped
David Boreham
2006-Feb-23 15:13 UTC
Re: [Fedora-directory-users] TLS authentication without a user mapped
François Beretti wrote:>I would like this if I don''t want to store users in a directory >(because they already are in another one. > >This would be a new feature. You''d need to write code to implement it (or someone would). Problem is that there are a bunch of places in the code where the existance of an entry with the bind identity is assumed. So it wouldn''t be quite as simple as taking the cert DN and copying it into the bind DN for the session.
François Beretti
2006-Mar-01 12:05 UTC
Re: [Fedora-directory-users] TLS authentication without a user mapped
Sorry for my late answer. When binding with cn=Directory Manager, the user does not exist. So the existance of the entry does not seem to be always requiered, does it ? François 2006/2/23, David Boreham <david_list@boreham.org>:> This would be a new feature. You''d need to write code to > implement it (or someone would). Problem is that there are > a bunch of places in the code where the existance of an > entry with the bind identity is assumed. So it wouldn''t be > quite as simple as taking the cert DN and copying it into > the bind DN for the session. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >