From: Howard Chu Date: Wed, 23 Feb 2011 03:40:08 +0000 (+0000) Subject: More for ITS#6839 X-Git-Tag: MIGRATION_CVS2GIT~61 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=bb93a17d42f1942c6136388ff9820abaa83750c0;p=openldap More for ITS#6839 --- diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index 6dde65b3f3..af46c9986a 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf @@ -302,12 +302,14 @@ format: H4: TLS Authentication Identity Format -This is usually the Subject DN from the client-side certificate. -The order of the components will be changed to follow LDAP conventions, -so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}} +This is the Subject DN from the client-side certificate. +Note that DNs are displayed differently by LDAP and by X.509, so +a certificate issued to +> C=gb, O=The Example Organisation, CN=A Person + will produce an authentication identity of: -> cn=A Person,o=The Example Organisation,c=gb +> cn=A Person,o=The Example Organisation,c=gb Note that you must set a suitable value for TLSVerifyClient to make the server request the use of a client-side certificate. Without this, the SASL EXTERNAL