More for ITS#6839

author Howard Chu <hyc@openldap.org>

Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)

committer Howard Chu <hyc@openldap.org>

Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)
author Howard Chu <hyc@openldap.org>
Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)
committer Howard Chu <hyc@openldap.org>
Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)
diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf

index 6dde65b3f3eb4c0a7d8bb1727fe47e31ca4e3c26..af46c9986a801c7c1f3b31b122bd329fdebc78e6 100644 (file)
--- a/doc/guide/admin/sasl.sdf
+++ b/doc/guide/admin/sasl.sdf
@@ -302,12 +302,14 @@ format:
  
  H4: TLS Authentication Identity Format
  
-This is usually the Subject DN from the client-side certificate.
-The order of the components will be changed to follow LDAP conventions,
-so a certificate issued to {{EX:C=gb, O=The Example Organisation, CN=A Person}}
+This is the Subject DN from the client-side certificate.
+Note that DNs are displayed differently by LDAP and by X.509, so
+a certificate issued to
+>      C=gb, O=The Example Organisation, CN=A Person
+
  will produce an authentication identity of:
  
-> cn=A Person,o=The Example Organisation,c=gb
+>      cn=A Person,o=The Example Organisation,c=gb
  
  Note that you must set a suitable value for TLSVerifyClient to make the server
  request the use of a client-side certificate. Without this, the SASL EXTERNAL
author	Howard Chu <hyc@openldap.org>
	Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)
committer	Howard Chu <hyc@openldap.org>
	Wed, 23 Feb 2011 03:40:08 +0000 (03:40 +0000)