How to disable certificate authentication in Red Hat Directory Server?
Issue
- We regularly get connections from several of our applications which look like this in the access log:
  [10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
- In the error log this causes an error:
  [10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
- As far as I see it, since the client presents a certificate, RHDS will first attempt certificate-based authentication, but since we have no certificate mapping in place and no certs in the actual LDAP database, this will fail.
- Is there any way we can disable this certificate authentication server-side? All clients we know of just use simple auth with a password.
Environment
- Red Hat Directory Server (RHDS) 9 and 10
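To see which clients trigger the failed certificate mapping described in the issue, and whether those same connections go on to a simple bind, the access and error logs can be correlated. This is an added example, not part of the original article or of Red Hat's solution; the `SSL connection from` and `BIND ... method=128` line formats are assumed, and all sample addresses, connection details and bind DNs are constructed.

```python
import re
from collections import Counter

# Constructed sample lines. The failure lines follow the formats quoted in the
# issue; the "SSL connection from" and "BIND" lines are assumed access-log
# record formats, with documentation-range IP addresses.
ACCESS_LOG = """\
[10/Nov/2015:08:52:03 +0100] conn=30780846 fd=70 slot=70 SSL connection from 192.0.2.15 to 192.0.2.1
[10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
[10/Nov/2015:08:52:03 +0100] conn=30780846 op=0 BIND dn="uid=app,ou=people,dc=example,dc=com" method=128 version=3
[10/Nov/2015:08:52:04 +0100] conn=30780847 fd=71 slot=71 SSL connection from 192.0.2.16 to 192.0.2.1
[10/Nov/2015:08:52:09 +0100] conn=30780850 fd=72 slot=72 SSL connection from 192.0.2.15 to 192.0.2.1
[10/Nov/2015:08:52:09 +0100] conn=30780850 TLS1.0 failed to map client certificate to LDAP DN (No such object)
"""
ERROR_LOG = """\
[10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
[10/Nov/2015:08:52:09 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
"""

CONN_RE = re.compile(r'conn=(\d+) .*?connection from (\S+) to ')
FAIL_RE = re.compile(r'conn=(\d+) \S+ failed to map client certificate to LDAP DN')
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=128')  # 128 = simple bind
SUBJ_RE = re.compile(r'slapi_search_internal \("([^"]+)", subtree, objectclass=\*\) err 32')

def cert_mapping_failures(access_log):
    """Map each conn id with a failed certificate mapping to its client
    address and, if present, the DN it later used for a simple bind."""
    clients, failed, binds = {}, [], {}
    for line in access_log.splitlines():
        if m := CONN_RE.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := FAIL_RE.search(line):
            failed.append(m.group(1))
        elif m := BIND_RE.search(line):
            binds.setdefault(m.group(1), m.group(2))
    return {c: {"client": clients.get(c), "simple_bind_dn": binds.get(c)} for c in failed}

def unmapped_subjects(error_log):
    """Count certificate subject DNs whose internal lookup ended in err 32."""
    return Counter(SUBJ_RE.findall(error_log))

if __name__ == "__main__":
    for conn, info in cert_mapping_failures(ACCESS_LOG).items():
        print(conn, info["client"], info["simple_bind_dn"] or "(no simple bind seen)")
    for subject, count in unmapped_subjects(ERROR_LOG).items():
        print(count, subject)
```

A connection that shows both the mapping failure and a later simple bind matches the behaviour described in the issue: the client presents a certificate, the mapping fails, and the application then authenticates with a password.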
