upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-05 22:50:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

More for ITS#6839

Browse source
This commit is contained in:
Howard Chu 2011-02-23 03:40:08 +00:00
parent 9b08a59602
commit bb93a17d42
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
doc/guide/admin/sasl.sdf
View file

@ -302,12 +302,14 @@ format:
H4: TLS Authentication Identity Format
This is usually the Subject DN from the client-side certificate.
The order of the components will be changed to follow LDAP conventions,
so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
This is the Subject DN from the client-side certificate.
Note that DNs are displayed differently by LDAP and by X.509, so
a certificate issued to
> C=gb, O=The Example Organisation, CN=A Person
will produce an authentication identity of:
> cn=A Person,o=The Example Organisation,c=gb
> cn=A Person,o=The Example Organisation,c=gb
Note that you must set a suitable value for TLSVerifyClient to make the server
request the use of a client-side certificate. Without this, the SASL EXTERNAL