How to disable certificate authentication in Red Hat Directory Server?
Issue
- We regularly get connections from several of our applications which look like this in the access log:
  [10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
- In the error log this causes an error:
  [10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
- As far as I see it, since the client presents a certificate, RHDS will first attempt certificate-based authentication, but since we have no certificate mapping in place and no certs in the actual LDAP database, this will fail.
- Is there any way we can disable this certificate authentication server-side? All clients we know of just use simple auth with a password.
Environment
- Red Hat Directory Server (RHDS) 9 and 10
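
To see which applications are presenting client certificates, the two log messages quoted in the issue can be correlated. The following is an added example, not part of the original article and not Red Hat code; the sample log lines are constructed from the formats quoted above, and pairing entries by timestamp and order within the same second is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample input in the two log formats quoted in the issue.
ACCESS_LOG = """\
[10/Nov/2015:08:52:03 +0100] conn=30780846 TLS1.0 failed to map client certificate to LDAP DN (No such object)
[10/Nov/2015:08:52:03 +0100] conn=30780846 op=0 BIND dn="uid=app,ou=people,dc=example,dc=com" method=128 version=3
[10/Nov/2015:08:53:10 +0100] conn=30780850 TLS1.0 failed to map client certificate to LDAP DN (No such object)
[10/Nov/2015:08:54:00 +0100] conn=30780851 TLS1.0 failed to map client certificate to LDAP DN (No such object)
"""
ERROR_LOG = """\
[10/Nov/2015:08:52:03 +0100] - slapi_search_internal ("CN=application.example.com,OU=Org. Unit,O=Org.,L=City,ST=State,C=Country", subtree, objectclass=*) err 32
[10/Nov/2015:08:53:10 +0100] - slapi_search_internal ("CN=other.example.com,O=Org.,C=Country", subtree, objectclass=*) err 32
"""

# Access log: certificate presented but not mapped to an LDAP entry.
MAP_FAIL = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) \S+ '
    r'failed to map client certificate to LDAP DN')
# Error log: internal search for the certificate subject returned err 32.
SEARCH_ERR = re.compile(
    r'^\[(?P<ts>[^\]]+)\] - slapi_search_internal '
    r'\("(?P<dn>[^"]*)", subtree, objectclass=\*\) err 32')


def cert_subjects(access_text, error_text):
    """Return [(conn, subject_dn_or_None)] for each failed certificate mapping."""
    by_ts = defaultdict(list)  # timestamp -> subject DNs, in log order
    for line in error_text.splitlines():
        m = SEARCH_ERR.match(line)
        if m:
            by_ts[m['ts']].append(m['dn'])
    results = []
    for line in access_text.splitlines():
        m = MAP_FAIL.match(line)
        if not m:
            continue  # ordinary operations such as BIND are ignored
        pending = by_ts.get(m['ts'], [])
        # Assumption: within one second, entries appear in the same order.
        results.append((m['conn'], pending.pop(0) if pending else None))
    return results


if __name__ == "__main__":
    for conn, dn in cert_subjects(ACCESS_LOG, ERROR_LOG):
        print(f"conn={conn} certificate subject: {dn or 'not found in error log'}")
```
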