#50590 Add certificate-based authentication support to dsconf and dsidm CLI
Opened a month ago by spichugi. Modified a month ago

Issue Description

Users should be able to bind using certificate-based authentication.
Also, dsconf replication monitor functionality should be extended accordingly.


What did you have in mind here? Path to client certs in the .dsrc or similar? lib389 already supports cert auth so it should just need wiring in ...

Metadata Update from @firstyear:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None

a month ago

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.4 backlog

a month ago

> What did you have in mind here? Path to client certs in the .dsrc or similar? lib389 already supports cert auth so it should just need wiring in ...

Yeah, I think we should support both - .dsrc and direct CLI options for dsconf and dsidm.
Also, we can check other parts like plugins, replication monitor (still in development), etc. Just to be sure that everywhere we can use certificate-based authentication, it is covered.

dsrc and dsconf/dsidm already support the layering of options you desire. Look at src/lib389/lib389/cli_base/dsrc.py and how that inlines the options. When we take the clientcert option, we would have dsrc_to_ldap handle setting up the instance with the right auth.

For the replmonitor and cert auth, the best way would be to have repl monitor use dsrc and the cli so that they could inherit the same code, and then it will just work :)
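
The option layering discussed in this thread, as an added sketch that is not part of the ticket or of lib389: explicit CLI values override the instance section of a .dsrc-style file, and client-certificate settings are validated before a bind method is chosen. The option names (`tls_cert`, `tls_key`, `tls_cacertdir`, `starttls`), the function `resolve_connection` and the sample file are assumptions made for this example.

```python
import configparser

# Hypothetical option names for this sketch; the ticket does not define them.
CERT_KEYS = ("tls_cert", "tls_key", "tls_cacertdir")
ALL_KEYS = ("uri", "binddn", "starttls") + CERT_KEYS


def resolve_connection(dsrc_text, instance, cli_opts):
    """Layer CLI options over the [instance] section of a .dsrc-style file."""
    parser = configparser.ConfigParser()
    parser.read_string(dsrc_text)
    section = parser[instance] if parser.has_section(instance) else {}

    merged = {}
    for key in ALL_KEYS:
        # An explicit CLI value wins; otherwise fall back to the file.
        value = cli_opts.get(key)
        if value is None:
            value = section.get(key)
        merged[key] = value

    if not merged["uri"]:
        raise ValueError("no LDAP URI in CLI options or .dsrc")

    has_cert, has_key = bool(merged["tls_cert"]), bool(merged["tls_key"])
    if has_cert != has_key:
        raise ValueError("tls_cert and tls_key must be set together")

    if has_cert:
        starttls = str(merged["starttls"]).lower() in ("1", "true", "yes", "on")
        if not (merged["uri"].startswith("ldaps://") or starttls):
            raise ValueError("client certificate needs ldaps:// or StartTLS")
        # The certificate identifies the client, so any bind DN is dropped.
        merged["binddn"] = None
        merged["auth"] = "SASL/EXTERNAL"
    else:
        merged["auth"] = "SIMPLE" if merged["binddn"] else "ANONYMOUS"
    return merged


# Constructed sample file, not taken from the ticket.
SAMPLE_DSRC = """
[localhost]
uri = ldaps://ldap.example.test
binddn = cn=Directory Manager
tls_cacertdir = /etc/dirsrv/example-ca
"""
```

Rejecting a certificate without its key, or a certificate over an unencrypted `ldap://` URI, at resolution time keeps a misconfigured layer from silently falling back to a simple bind.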
