Hi all !
I use Fedora Directory Server 7.1 on Solaris 9, work great :-)
I use certificate authentication on SSL with SASL external methode, work great
when the corresponding DN entry in certificate) exist in LDAP directory.
So, i tried to find a way to do that when no corresponding entry exist... but i
can't find how to...
I tried SASL mapping...
special ACL perhaps ?
I know it's possible because that work with openLDAP (or perhaps it's a bug :-)
So, anyone have succesfull bind with certificate authentication with SASL
external methode without correponding LDAP entry ?
Thanks
Yann
Log ko without entry :
[06/Feb/2006:22:13:02 +0000] conn=6 SSL 128-bit RC4; client CN=toto
titi,OU=TEST,O=TEST; issuer O=TEST
[06/Feb/2006:22:13:02 +0000] conn=6 SSL failed to map client certificate to LDAP
DN (No such object)
[06/Feb/2006:22:13:02 +0000] conn=6 op=0 BIND dn="cn=toto titi,OU=TEST,o=TEST"
method=sasl version=3 mech=EXTERNAL
[06/Feb/2006:22:13:02 +0000] conn=6 op=0 RESULT err=49 tag=97 nentries=0 etime=0
Log ok with a corresponding entry :
[06/Feb/2006:16:16:58 +0000] conn=108 SSL 128-bit RC4; client CN=toto
titi,OU=TEST,O=TEST; issuer O=TEST
[06/Feb/2006:16:16:58 +0000] conn=108 SSL client bound as cn=toto
titi,ou=TEST,o=TEST
[06/Feb/2006:16:16:58 +0000] conn=108 op=0 BIND dn="cn=toto titi,ou=TEST,o=TEST"
method=sasl version=3 mech=EXTERNAL