This section summarizes the use of LDAP credentials.
All LDAP credentials are optional; if none are specified, LDAP access first tries the HTTP server credentials, and if that fails, tries anonymous.
Two pairs of smime.conf parameters are used as credentials for the two sets of URLs that may be specified:
logindn and loginpw - all URLs in smime.conf
crlurllogindn and crlurlloginpw - all URLs from the mapping table
Each of these is known as a default LDAP credential pair.
Any URL specified in smime.conf or via mapping CRL URLs can have an optional local LDAP credential pair specified.
Credentials are checked in the order in which each is specified:
1) Local LDAP credential pair - if specified, it is the only one tried
2) Default LDAP credential pair - if specified and there is no local LDAP credential pair, it is the only one tried
3) Server - tried first if neither a local LDAP credential pair nor a default LDAP credential pair is specified
4) Anonymous - tried last, only if the server credentials fail or none are specified
If a URL has a local LDAP credential pair specified, it is used first; if the access fails, access is denied.
If a URL has no local LDAP credential pair specified, the corresponding default LDAP credential pair is used; if access fails, then access is denied.
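The selection order above can be modelled as a short function. This is an added example, not code from the product: attempt_plan, resolve, the "smime.conf"/"mapping" source labels, the sample DNs and passwords, and the rule that a pair counts as specified only when both of its parameters are set are all assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple

Cred = Optional[Tuple[str, str]]  # (bind DN, password); None means anonymous

# Default pair that applies to each set of URLs (parameter names from smime.conf).
DEFAULT_PARAMS = {
    "smime.conf": ("logindn", "loginpw"),
    "mapping": ("crlurllogindn", "crlurlloginpw"),
}

def attempt_plan(source: str, conf: Dict[str, str],
                 local: Cred = None, server: Cred = None) -> List[Tuple[str, Cred]]:
    """Return the ordered credential attempts for one URL."""
    if local is not None:
        return [("local", local)]            # 1) only one tried
    dn_key, pw_key = DEFAULT_PARAMS[source]
    # Assumption: the pair is "specified" only when both parameters are set.
    if conf.get(dn_key) and conf.get(pw_key):
        return [("default", (conf[dn_key], conf[pw_key]))]  # 2) only one tried
    plan: List[Tuple[str, Cred]] = []
    if server is not None:
        plan.append(("server", server))      # 3) tried first
    plan.append(("anonymous", None))         # 4) tried last
    return plan

def resolve(plan: List[Tuple[str, Cred]],
            bind: Callable[[Cred], bool]) -> Optional[str]:
    """Return the label of the first attempt that binds, or None if access is denied."""
    for label, cred in plan:
        if bind(cred):
            return label
    return None

# Constructed sample: only the smime.conf default pair is configured.
SAMPLE_CONF = {"logindn": "cn=smime,o=example", "loginpw": "conf-secret"}
SERVER_CRED = ("cn=httpd,o=example", "server-secret")

def anonymous_only_directory(cred: Cred) -> bool:
    """Constructed directory that accepts anonymous binds and nothing else."""
    return cred is None

if __name__ == "__main__":
    for source in ("smime.conf", "mapping"):
        plan = attempt_plan(source, SAMPLE_CONF, server=SERVER_CRED)
        print(source, [label for label, _ in plan],
              "->", resolve(plan, anonymous_only_directory))
```

Against a directory that accepts only anonymous binds, the smime.conf URL is denied because its default pair is the only credential tried, while the mapping-table URL, which has no default pair configured, falls through server credentials to anonymous and succeeds.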