Few ldapd questions


Predrag Punosevac-2
Hi Misc,

I have been using ldapd for the past five years for centralized user
authorization and authentication for a growing university research
group. Secured connections are provided using STARTTLS even though all
queries are done on the private network. More recently I did some more
reading and forced all openldap-clients to use FIPS approved algorithms
for higher security protection:

https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf

Things appear to be working like a charm. However I am a bit confused
about doing two things with ldapd.

By reading man pages

https://man.openbsd.org/ldapd.conf.5

it seems to me that I am able to deny anonymous reads from the machines with
a valid certificate of authority of my LDAP server by adding some kind of
filter rules. However, I am unable to find any ldapd examples.
Secondly, is there a way for ldapd to deny access to client machines
which don't present valid client certificates and keys?

Thanks for your help.
Predrag