The Directory Server provides an option to automatically authenticate clients that have established a secure communication channel (either SSL or StartTLS) and presented a client certificate during the TLS handshake. This option is disabled by default; when enabled, the net effect is as if the client had issued a SASL EXTERNAL bind request on that connection.

This option is ignored if the client connection is already authenticated (e.g., because the client performed a bind before sending the StartTLS request). If the implicit bind attempt fails, the connection remains unauthenticated but usable. If the client subsequently sends a bind request on the connection, that request is processed as normal and replaces any automatic authentication.

  • Run the following dsconfig command (each line ends with a bare backslash; a space after the backslash would break the line continuation).
    $ bin/dsconfig set-connection-handler-prop \
      --handler-name "LDAPS Connection Handler" \
      --set "auto-authenticate-using-client-certificate:true"
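The rules above (automatic bind on a secure connection with a client certificate, ignored when the connection is already authenticated, failed mapping leaves the connection anonymous but usable, and a later explicit bind replaces the automatic identity) interact in ways that are easy to get wrong when writing access-control tests. The following is an added example, not code from the Directory Server documentation or product: a small Python model of a connection's authentication state under this option. The certificate subjects, DNs, passwords and the certificate-to-user mapping are constructed sample values that stand in for the server's certificate mapper and password store.

```python
# Added example (not the Directory Server's own code): a model of how
# auto-authenticate-using-client-certificate changes a connection's bind state.
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the server's certificate mapper (cert subject -> user DN).
CERT_TO_USER = {
    "CN=app1,O=Example": "uid=app1,ou=Apps,dc=example,dc=com",
}

# Constructed stand-in for the credential store consulted by simple bind.
PASSWORDS = {
    "uid=admin,ou=People,dc=example,dc=com": "admin-pw",
}

ADMIN_DN = "uid=admin,ou=People,dc=example,dc=com"


@dataclass
class Connection:
    auto_auth_enabled: bool                    # the handler property from the page
    secure: bool = False                       # SSL or StartTLS negotiated
    authenticated_as: Optional[str] = None     # None means anonymous
    events: list = field(default_factory=list)


def secure_channel_established(conn: Connection, cert_subject: Optional[str]) -> Optional[str]:
    """Runs when the SSL/StartTLS handshake completes; returns the bind identity afterwards."""
    conn.secure = True
    if not conn.auto_auth_enabled or cert_subject is None:
        return conn.authenticated_as          # nothing to do without the option or a cert
    if conn.authenticated_as is not None:
        # Option is ignored when the connection is already authenticated,
        # e.g. the client bound before issuing StartTLS.
        conn.events.append("auto-auth skipped: already authenticated")
        return conn.authenticated_as
    user = CERT_TO_USER.get(cert_subject)
    if user is None:
        # The implicit SASL EXTERNAL bind failed: connection stays anonymous but usable.
        conn.events.append("auto-auth failed: connection remains unauthenticated")
        return None
    conn.authenticated_as = user
    conn.events.append(f"auto-auth as {user} (implicit SASL EXTERNAL)")
    return user


def simple_bind(conn: Connection, dn: str, password: str) -> Optional[str]:
    """A later explicit bind is processed normally and replaces any automatic
    authentication. Per standard LDAP semantics a failed bind leaves the
    connection anonymous."""
    if PASSWORDS.get(dn) == password:
        conn.authenticated_as = dn
        conn.events.append(f"bind succeeded as {dn}")
    else:
        conn.authenticated_as = None
        conn.events.append("bind failed: connection is now anonymous")
    return conn.authenticated_as


def effective_identity(conn: Connection) -> str:
    """Identity the server would use for access control on the next request."""
    return conn.authenticated_as or "anonymous"


# Scenarios mirroring the behaviour described in the text.
def scenario_ldaps_mapped_cert() -> str:
    conn = Connection(auto_auth_enabled=True)
    secure_channel_established(conn, "CN=app1,O=Example")
    return effective_identity(conn)


def scenario_bind_then_starttls() -> str:
    conn = Connection(auto_auth_enabled=True)
    simple_bind(conn, ADMIN_DN, "admin-pw")
    secure_channel_established(conn, "CN=app1,O=Example")  # ignored: already bound
    return effective_identity(conn)


def scenario_unmapped_cert() -> str:
    conn = Connection(auto_auth_enabled=True)
    secure_channel_established(conn, "CN=unknown,O=Example")
    return effective_identity(conn)


def scenario_auto_auth_then_bind(password: str) -> str:
    conn = Connection(auto_auth_enabled=True)
    secure_channel_established(conn, "CN=app1,O=Example")
    simple_bind(conn, ADMIN_DN, password)  # replaces the automatic identity either way
    return effective_identity(conn)


def scenario_option_disabled() -> str:
    conn = Connection(auto_auth_enabled=False)
    secure_channel_established(conn, "CN=app1,O=Example")
    return effective_identity(conn)


if __name__ == "__main__":
    for name in ("scenario_ldaps_mapped_cert", "scenario_bind_then_starttls",
                 "scenario_unmapped_cert", "scenario_option_disabled"):
        print(f"{name}: {globals()[name]()}")
    print("auto-auth then good bind:", scenario_auto_auth_then_bind("admin-pw"))
    print("auto-auth then bad bind: ", scenario_auto_auth_then_bind("wrong"))
```

The last scenario is the one worth remembering when testing: once a client that was auto-authenticated sends its own bind, a failed bind does not fall back to the certificate identity, the connection is simply anonymous until the client binds again.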