PingDirectory

Automatically authenticating clients that have a secure communication channel

The PingDirectory server provides the option to automatically authenticate clients that connect over a secure communication channel, either SSL or StartTLS, and that present their own certificate.

About this task

By default, this option is disabled. When enabled, the net effect is as if the client issued a SASL EXTERNAL bind request on that connection.

This option is ignored if the client connection is already authenticated, for example when the client performed a bind before sending the StartTLS request. If the automatic authentication attempt fails, the connection remains unauthenticated but usable. If the client subsequently sends a bind request on the connection, it is processed as normal, and any automatic authentication is discarded.

Steps

  • Run the following dsconfig command.

    Example:

    $ bin/dsconfig set-connection-handler-prop \
      --handler-name "LDAPS Connection Handler" \
      --set "auto-authenticate-using-client-certificate:true"