Client authentication with RubyLDAP ldap

Developer https://www.devze.com 2022-12-31 07:40 Source: Internet

I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS); it needs to connect to an SSL-enabled LDAP server (i.e. OpenLDAP), bind and then do any additional queries. It also needs to support client authentication, and this is where things get tricky: the client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL LDAP stuff with great success).

My question is: is there a way to load a client certificate and send its data over the wire to the LDAP server when doing an LDAP::SSLConn? I haven't found anything obvious in the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around.

I know that I can prevent the server from asking for a certificate by putting the following in slapd.conf (OpenLDAP):

TLSVerifyClient never

However, this is not an option here.

Thanks,

Marcelo.


I don't know if this is still relevant. Do you need a client cert? You can also use bind users and ACLs in OpenLDAP. This would be much easier and more manageable from within your OpenLDAP server than client certs.

To enable the client-side SSL you need to point ruby-ldap to the correct CA cert, the one that signed your server's cert, on your client, in /etc/openldap/ldap.conf:

TLS_CACERT /etc/ssl/yourldapsca.pem
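Added example, not part of the original question or answer: a Ruby preflight that checks a client certificate and key against the CA, then prints the per-user ~/.ldaprc lines (TLS_CERT and TLS_KEY, which ldap.conf(5) documents as user-only options) that OpenLDAP's libldap reads. It assumes ruby-ldap is built against OpenLDAP's libldap; the helper names and CNs are hypothetical, and the sample credentials are constructed in memory.

```ruby
require "openssl"

# Added example, not from the original post. Preflight for a client
# certificate before libldap is pointed at it through ~/.ldaprc.

# Constructed sample credential (hypothetical CNs), generated in memory.
def sample_cert(cn, issuer = nil, issuer_key = nil, ca: false)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 30 * 86_400
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Returns a list of problems; empty means the server can be offered this pair.
def client_cert_problems(cert, key, ca_cert, now = Time.now)
  problems = []
  problems << "key does not match certificate" unless cert.check_private_key(key)
  problems << "certificate not yet valid" if now < cert.not_before
  problems << "certificate expired" if now > cert.not_after
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.time = now
  problems << "chain check failed: #{store.error_string}" unless store.verify(cert)
  problems
end

# Per-user ldaprc text; TLS_CERT and TLS_KEY are user-only libldap options.
def ldaprc_for(ca_path, cert_path, key_path)
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key = OpenSSL::PKey.read(File.read(key_path))
  ca = OpenSSL::X509::Certificate.new(File.read(ca_path))
  problems = client_cert_problems(cert, key, ca)
  raise ArgumentError, problems.join("; ") unless problems.empty?
  "TLS_CACERT #{ca_path}\nTLS_CERT #{cert_path}\nTLS_KEY #{key_path}\n"
end

if __FILE__ == $PROGRAM_NAME && ARGV.size == 3
  puts ldaprc_for(*ARGV) # usage: ruby check.rb ca.pem client.pem client.key
end
```

libldap also accepts the same values through the LDAPTLS_CACERT, LDAPTLS_CERT and LDAPTLS_KEY environment variables, which helps when the web application's account has no usable home directory.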
