LDAP and PKCS12
Andrea Modesto Rossi wrote:
> Hi all,
> i'd like to store all PKCS12(and its x509 cert) such as LDAP attribute of
> my users. Is it possible? please can anyone point me in the right
> Google did not help me :-(
> Thank you very much.
> best regards,
The inetOrgPerson objectclass defines userPKCS12 to store PKCS#12
objects and you can use userCertificate in the same objectclass to store
the public certs. See /etc/dirsrv/schema/06inetorgperson.ldif
You'll want to limit permissions on the userPKCS12 attribute, it
contains the user's private key. I would definitely write an aci to
limit access to that attribute if you can't be discouraged from wanting
to store that.
389 users mailing list