On Thu, Oct 30, 2014 at 09:54:57AM -0300, Net Warrior wrote:

> >I suspect that you do not want that. It would force every client to
> >have a client-side X.509 certificate. Good for secure authentication,
> >but more effort to manage than most people are prepared to handle.
>
> Is it because of the certificate expiration or something like that that's
> hard to maintain?

Yes. It is worth considering though, provided you have a well-organised
system for distributing and installing new client-side certificates.
You will also need to make sure that the admin tools you use can work
with client-side certs.

> >That is because you tried to add it to a database but it is a global option.
>
> I added to the global section cn=config and do not see it.

Odd. If you use ldapadd to do this then it should either work or return
an error code.

> >Are you really using the BDB database? It has been deprecated for some time now.
> >I would suggest using MDB
>
> Yes my bad, after I went to production, I was told that backend was
> deprecated, is there any doc related to migrate from one backend to another
> or should I reconfigure the whole database from scratch?

The safest approach is to slapcat each of your databases into LDIF files
then configure new MDB databases and slapadd the data. You will find that
loading MDB with slapadd -q is extremely fast.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
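
The slapcat / slapadd -q migration described above, as an added example that is not part of the original message. The directory paths and the function names are assumptions, and it presumes the new MDB database for each suffix is already defined in the configuration under NEW_CONF.

```shell
#!/bin/sh
# Added example: BDB -> MDB migration by dump and reload, with an entry-count check.
# All paths below are assumed defaults; override them from the environment.
OLD_CONF=${OLD_CONF:-/etc/openldap/slapd.d}        # config that still has the BDB database
NEW_CONF=${NEW_CONF:-/etc/openldap/slapd.d.mdb}    # config with the MDB database defined
DUMP_DIR=${DUMP_DIR:-/var/backups/ldap-migrate}    # where the LDIF dumps are kept

# Count entries in an LDIF file: each entry starts with "dn:" (or "dn::" when
# the DN is base64-encoded). Folded lines start with a space and never match.
count_entries() {
    grep -Ec '^dn::? ' "$1" || true
}

# Map a suffix to a dump file name, e.g. dc=example,dc=com -> dc_example_dc_com.ldif
dump_file() {
    printf '%s/%s.ldif\n' "$DUMP_DIR" "$(printf '%s' "$1" | tr -c 'A-Za-z0-9' '_')"
}

# Step 1: export one database, selected by suffix. Stop slapd first so no
# writes land after the dump. The LDIF holds password hashes: keep it private.
dump_db() {
    out=$(dump_file "$1")
    ( umask 077; mkdir -p "$DUMP_DIR" && slapcat -F "$OLD_CONF" -b "$1" -l "$out" )
}

# Step 2: load into the MDB database (slapd stopped), then re-export and compare
# entry counts. Run as the slapd user, or fix ownership of the database
# directory afterwards, otherwise slapd cannot open the files slapadd created.
load_db() {
    in=$(dump_file "$1")
    slapadd -q -F "$NEW_CONF" -b "$1" -l "$in" || return 1
    loaded=$(slapcat -F "$NEW_CONF" -b "$1" | grep -Ec '^dn::? ' || true)
    expected=$(count_entries "$in")
    [ "$loaded" -eq "$expected" ] ||
        { echo "count mismatch for $1: $loaded != $expected" >&2; return 1; }
}

# Usage: migrate.sh dump|load SUFFIX...
if [ "$#" -ge 2 ]; then
    action=$1; shift
    for suffix in "$@"; do
        case $action in
            dump) dump_db "$suffix" ;;
            load) load_db "$suffix" ;;
            *) echo "usage: $0 dump|load SUFFIX..." >&2; exit 2 ;;
        esac || exit 1
    done
fi
```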