Section: Local Commands (L)
cert2ldap - import a certificate into an LDAP server
- connect to server hostname.
- use port port instead of the usual LDAP port 389.
- store the issuer distinguished name of the certificate in the directory.
- store the subject distinguished name of the certificate in the directory.
- store the certificate in binary form in the directory.
- store the serial number of the certificate in the directory.
- increase debug level.
- add all the attributes specified to the entry with distinguished name targetdn.
- bind as user binddn to the directory.
- use password to bind to the directory.
- create a certificate mapping entry that specifies owner as the owner of the certificate.
- use LDAP protocol version version to connect to the server.
- use "userCertificate;binary" format for update; some servers seem to require this, others are happy without.
cert2ldap is used to import a certificate into an LDAP directory in such a way as to allow the mod_authz_ldap Apache module to authenticate and authorize users based on their certificates. The certificate is either specified as a certificate filename argument on the command line or read from standard input.
There are essentially two ways to use the program: either a certificate is added as a userCertificate attribute to a user's node, or a certificate mapping node is added somewhere else in the directory, referencing the user.
The second form is active as soon as one of the options -i, -s, -o or -n is used. The first form uses only the -c option. The correct configuration of the entries can be checked using the certfind(1) program.
If the node to be updated does not exist yet, a minimal node is created. However, this is only marginally useful in the case of a node containing the certificate proper.
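The directory change made by the first form can be written out as LDIF for review before anything is sent to a server. The following Python is an added example, not cert2ldap's own code: it converts a PEM certificate into a modify record, with or without the ";binary" option. The sample PEM payload and the target DN are constructed for illustration.

```python
import base64
import re

# Constructed sample: the payload is a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(pem):
    """Return the DER bytes of the first PEM certificate block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("payload is not a DER SEQUENCE")
    return der

def fold(line, width=76):
    """Fold a long LDIF line; continuation lines start with one space (RFC 2849)."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def dn_line(dn):
    """Emit 'dn:' as plain text only if the DN is an LDIF SAFE-STRING, else base64."""
    safe = (dn.isascii() and dn.isprintable()
            and dn[:1] not in (" ", ":", "<") and not dn.endswith(" "))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def cert_ldif(target_dn, pem, binary_option=True):
    """LDIF that adds the certificate to target_dn, with or without ';binary'."""
    attr = "userCertificate;binary" if binary_option else "userCertificate"
    b64 = base64.b64encode(pem_to_der(pem)).decode("ascii")
    lines = [dn_line(target_dn), "changetype: modify", "add: " + attr,
             attr + ":: " + b64, "-"]
    return "\n".join(fold(l) for l in lines) + "\n"

if __name__ == "__main__":
    # Hypothetical target DN used only for illustration.
    print(cert_ldif("cn=Example User,dc=example,dc=com", SAMPLE_PEM), end="")
```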
Andreas F. Mueller <andreas.muellerAATTothello.ch>