I have been using ldapd for the past five years for centralized user
authorization and authentication for a growing university research
group. Secured connections are provided using STARTTLS even thought all
queries are done on the private network. More recently I did some more
reading and forced all openldap-clients to use FIPS approved algorithms
for higher security protection
it seems to me that able to deny anonymous reads from the machines with
valid certificate of authority of my LDAP server by adding some kind
filter rules. However, I am unable to find any ldapd examples.
Secondly is there a way for ldapd to deny access to client machines
which don't present valid client certificates and keys?