On Fri, Mar 13, 2015 at 8:40 PM, Marc Boorshtein <mboorshtein@gmail.com> wrote:

Well, that's untrue. The certificate can be used for user mapping, authorization, etc. This is VERY common in the HTTP world. In a servlet you can get the certificate, DN, etc. from the request object.

not the case in LDAP, AFAIK

OK, well, if it wasn't the case I wouldn't have folks asking for it :-)
never heard of such a requirement before, curious about the use case though

Don't have 100% of the use case either. Someone's looking for MyVD to give them the client certificate in an insert (our equivalent of an interceptor) so they can do authorizations. For service accounts it's very elegant if you think about it, as it eliminates the need for passwords (assuming that's what it's for).
sounds quite heavy, because the CRL needs to be maintained/verified on the LDAP server

thanks for sharing.

Kiran Ayyagari