How to disable certificate authentication in Red Hat Directory Server?

Solution Unverified - Updated -

Issue

  • We regularly get connections from several of our applications which look like this in the access log:

    [10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
    
  • In the error log this causes an error:

    [10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
    
  • As far as I see it, since the client presents a certificate, RHDS will first attempt certificate-based authentication, but since we have no certificate mapping in place and no certs in the actual LDAP database, this will fail.

  • Is there any way we can disable this certificate authentication server-side? All clients we know of just use simple auth with a password.

Environment

  • Red Hat Directory Server (RHDS) 9 and 10
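
Added example (not part of the original article, and not Red Hat tooling): a Python script that pairs the access-log "failed to map client certificate" entries with the error-log `err 32` searches to show which certificate subjects trigger the failed mapping, and whether the same connection then performs a simple bind. Assumptions: the `BIND ... method=128` line format for simple binds is not shown on the page, the second connection is constructed sample data, and matching on identical timestamps is a heuristic because the error-log line carries no `conn=` id.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: the first access line and the error line are the
# ones quoted in the Issue section; the BIND line and conn=30780902 are made up.
ACCESS_LOG = """\
[10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
[10/Nov/2015:08:52:03 +0100] conn=30780846 op=0 BIND dn="uid=app1,ou=people,dc=example,dc=com" method=128 version=3
[10/Nov/2015:08:55:41 +0100] conn=30780902 TLS1.0 failed to map client certificate to LDAP DN (No such object)
"""
ERROR_LOG = """\
[10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
"""

MAP_FAIL = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) \S+ failed to map client certificate to LDAP DN')
# Assumption: method=128 marks a simple (password) bind in the access log.
SIMPLE_BIND = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=\d+ BIND dn="(?P<dn>[^"]*)" method=128')
SEARCH_ERR = re.compile(r'^\[(?P<ts>[^\]]+)\] - slapi_search_internal \("(?P<dn>.*)", subtree, objectclass=\*\) err 32')

def failed_mappings(access_text):
    """Return {conn: {"ts", "bind_dn"}} for connections whose certificate could not be mapped."""
    conns = {}
    for line in access_text.splitlines():
        fail, bind = MAP_FAIL.match(line), SIMPLE_BIND.match(line)
        if fail:
            conns[fail["conn"]] = {"ts": fail["ts"], "bind_dn": None}
        elif bind and bind["conn"] in conns:
            conns[bind["conn"]]["bind_dn"] = bind["dn"]  # simple bind after the failed mapping
    return conns

def subjects_by_timestamp(error_text):
    """Return {timestamp: [certificate subject DNs]} for internal searches that ended in err 32."""
    subjects = defaultdict(list)
    for line in error_text.splitlines():
        m = SEARCH_ERR.match(line)
        if m:
            subjects[m["ts"]].append(m["dn"])
    return subjects

def report(access_text, error_text):
    """Count failed mappings per (certificate subject, simple-bind DN); timestamp match is a heuristic."""
    subjects = subjects_by_timestamp(error_text)
    counts = Counter()
    for info in failed_mappings(access_text).values():
        candidates = subjects.get(info["ts"], [])
        subject = candidates[0] if len(candidates) == 1 else "<ambiguous or missing>"
        counts[(subject, info["bind_dn"])] += 1
    return counts

if __name__ == "__main__":
    print(report(ACCESS_LOG, ERROR_LOG))
```
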
