Certificate based bind (SASL EXTERNAL)


Postby rba » Fri Jan 26, 2007 1:13 pm

Hi Support,

Is it possible using the current version 3.4 of LDAP Administrator to
bind using the certificate from my Windows certificate store?

I tried with "GSS Negotiate" but it seems that the "SASL EXTERNAL" mechanism is not supported. (True?)

Is there some configuration change I have to make? Or if not, can you please consider adding this feature?

The security people from my customer will push us to integrate password-less directory administration. (Especially for directory manager roles!)

Let me know what you think.

Kind regards,
Roman Baumer
rba
 
Posts: 3
Joined: Fri Jan 26, 2007 1:01 pm

Postby Support » Mon Feb 05, 2007 1:23 pm

SASL EXTERNAL is not currently supported. We'll consider implementing it in version 4.0 which is going to be released later this year.
Support
 
Posts: 895
Joined: Sun Aug 12, 2001 12:00 am

Re: Certificate based bind (SASL EXTERNAL)

Postby rba » Wed Feb 25, 2009 11:39 am

I had a closer look at the API from MS which I expect you're using. And it seems it doesn't support SASL EXTERNAL directly.

But it seems possible to pass it in the bind operation as a hex value directly. Have a look at:
http://blogs.msdn.com/adamw/archive/200 ... 29-07.aspx

I hope this can be helpful for an implementation since we are still looking forward to this feature.

Kind regards,
Roman
rba
 
Posts: 3
Joined: Fri Jan 26, 2007 1:01 pm

Re: Certificate based bind (SASL EXTERNAL)

Postby Support » Wed Feb 25, 2009 3:00 pm

Thank you for the information. We'll take a look at what we can do.
Support
 
Posts: 895
Joined: Sun Aug 12, 2001 12:00 am

Re: Certificate based bind (SASL EXTERNAL)

Postby rba » Thu Feb 04, 2010 1:30 pm

Great. You introduced this feature in 2010.1.

Yet I tried to connect to an LDAPS listener which does not explicitly request the client certificate, and it didn't work.

Can I configure in LDAP Administrator 2010.1 somewhere to send the client certificate to open the connection to the server?

Regards,
Roman
rba
 
Posts: 3
Joined: Fri Jan 26, 2007 1:01 pm

Re: Certificate based bind (SASL EXTERNAL)

Postby Support » Wed Feb 10, 2010 1:08 pm

"Can I configure in LDAP Administrator 2010.1 somewhere to send the client certificate to open the connection to the server?"

It's rather unlikely. We do not control SSL/TLS negotiation process. Everything is cooked inside wldap32.dll. If it doesn't work there is nothing left for us to do.
Support
 
Posts: 895
Joined: Sun Aug 12, 2001 12:00 am
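
For reference alongside the thread above, an added example (not from the posts, the linked blog, or LDAP Administrator) that BER-encodes an LDAPv3 SASL EXTERNAL BindRequest as defined in RFC 4511 and reads the requested mechanism back out of a bind PDU. The request carries only the mechanism name and an optional authzid, so the identity has to come from the client certificate presented in the TLS handshake; the function names and any sample values are assumptions of this example.

```python
# Added example (hypothetical helper names): LDAPv3 BindRequest, RFC 4511 section 4.2.
from typing import Optional, Tuple

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def ber_int(n: int) -> bytes:
    """INTEGER for non-negative n (extra leading byte keeps the sign bit clear)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def sasl_external_bind(message_id: int = 1, authzid: Optional[bytes] = None) -> bytes:
    """LDAPMessage holding BindRequest{version 3, empty name, sasl EXTERNAL}."""
    sasl = tlv(0x04, b"EXTERNAL")                  # SaslCredentials.mechanism
    if authzid is not None:
        sasl += tlv(0x04, authzid)                 # SaslCredentials.credentials (optional)
    bind = ber_int(3) + tlv(0x04, b"") + tlv(0xA3, sasl)     # [3] selects the sasl choice
    return tlv(0x30, ber_int(message_id) + tlv(0x60, bind))  # 0x60 = [APPLICATION 0]

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, offset of the next element); definite lengths only."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    n = first & 0x7F if first & 0x80 else 0
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def bind_mechanism(pdu: bytes) -> str:
    """'simple' or the SASL mechanism name requested by a BindRequest PDU."""
    _, msg, _ = read_tlv(pdu, 0)
    _, _, pos = read_tlv(msg, 0)                   # skip messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(bind, 0)                  # skip version
    _, _, pos = read_tlv(bind, pos)                # skip name (bind DN)
    tag, auth, _ = read_tlv(bind, pos)
    if tag == 0x80:                                # [0] simple password
        return "simple"
    if tag != 0xA3:
        raise ValueError("unknown authentication choice")
    return read_tlv(auth, 0)[1].decode("ascii")
```

`sasl_external_bind().hex()` gives the 24-byte request, and `bind_mechanism` can be run over captured bind PDUs to see which clients still use simple binds.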