FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-15-2011, 09:32 PM
"Andrea Modesto Rossi"
 
Default LDAP and PKCS12

Hi all,

i'd like to store all PKCS12(and its x509 cert) such as LDAP attribute of
my users. Is it possible? please can anyone point me in the right
direction?
Google did not help me :-(

Thank you very much.

best regards,

/AMR

--
Andrea Modesto Rossi
Fedora Ambassador


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-15-2011, 09:42 PM
Rob Crittenden
 
Default LDAP and PKCS12

Andrea Modesto Rossi wrote:
> Hi all,
>
> i'd like to store all PKCS12(and its x509 cert) such as LDAP attribute of
> my users. Is it possible? please can anyone point me in the right
> direction?
> Google did not help me :-(
>
> Thank you very much.
>
> best regards,
>
> /AMR
>

The inetOrgPerson objectclass defines userPKCS12 to store PKCS#12
objects and you can use userCertificate in the same objectclass to store
the public certs. See /etc/dirsrv/schema/06inetorgperson.ldif

You'll want to limit permissions on the userPKCS12 attribute, it
contains the user's private key. I would definitely write an aci to
limit access to that attribute if you can't be discouraged from wanting
to store that.

rob
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 01:14 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org