TLS: assigning certificates to username

Michael Ströder michael at
Fri May 6 11:15:50 CEST 2016

Arran Cudbard-Bell wrote:
> My main reason for being less than enthusiastic about using CN for NAIs, is
> because in LDAP (also X509) CN is usually the user's humanly readable name,
> so you're creating discordant representations of the user.

That doesn't matter today anymore. In a modern setup you would attach the whole
subject DN to the user's LDAP entry or define another attribute mapping.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Freeradius-Users mailing list