Introduction To Sasl - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

NOTE
In the Directory Server, modify the directory entry for the user who owns the
5.
client certificate to add the
a.
b.
c.
For information on using the Directory Server Console to edit entries, refer to
"Modifying Directory Entries," on page 49.
You can now use SSL with your LDAP clients. For information on how to use SSL
with
Configuration, Command, and File Reference.

Introduction to SASL

Directory Server supports LDAP client authentication through the Simple
Authentication and Security Layer (SASL), an alternative to SSL/TLS and a native
way for some applications to share information securely.
Do not map your certificate-based-authentication certificate to a
distinguished name under
to a DN under
to a target located elsewhere in the directory information tree.
Make sure that the
certmap.conf
Server simply searches for an entry in the directory that matches
the information in the
it grants access without actually checking the value of the
userCertificate
Select the Directory tab, and navigate to the user entry.
Double click the user entry, and use the Property Editor to add the
userCertificate
When you add this attribute, instead of an editable field, the server
provides a Set Value button.
Click Set Value.
A file selector is displayed. Use it to select the binary file you created in
Step 3.
,
ldapmodify ldapdelete
cn=monitor
, your bind will fail. Map your certificate
cn=monitor
parameter is set to
verifyCert
file. If this parameter is not set to
certmap.conf
and
userCertificate;binary
userCertificate
attribute, with the
binary
, and
ldapsearch
Introduction to SASL
. If you map your certificate
in the
on
, Directory
on
file. If the search is successful,
attributes.
attribute.
subtype.
, refer to Red Hat Directory Server
Chapter 11 Managing SSL and SASL 439