directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Where can I get the client certificate?
Date Fri, 13 Mar 2015 13:00:23 GMT
On Fri, Mar 13, 2015 at 8:40 PM, Marc Boorshtein <mboorshtein@gmail.com>
wrote:

>
>>>>> Well thats untrue.  The certificate can be used for user mapping,
>>>>> authorization, etc.  This is VERY common in the HTTP world.  In a servlet
>>>>> you can get the certificate, DN, etc from the request object.
>>>>>
>>>>> not the case in LDAP, AFAIK
>>>>
>>>
>>> OK well if it wasn't the case I wouldn't have folks asking for it :-)
>>>
>> never heard of such requirement before, curious about the usecase though
>>
>>>
>>>
> Don't have 100% of the use case either.  Someone's looking for MyVD to
> give them the client certificate in an insert (our equivalent of an
> interceptor) so they can do authorizations.  For service accounts its very
> elegant if you think about it as it eliminates the need for passwords
> (assuming thats what its for).
>
sounds quite heavy, cause the CRL needs to be maintained/verified on the
LDAP server

thanks for sharing.


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message