GNU/Linux |
CentOS 3.3 |
|
cert2ldap(1) |
cert2ldap − import a certificate into an LDAP server
cert2ldap [ options ] [ certificatefile ]
−hhostname
connect to server hostname.
−pport |
use port port instead of the usual LDAP port 389. | ||
−i |
store the issuer distinguished name of the certificate in the directory. | ||
−s |
store the subject distinguished name of the certificate in the directory. | ||
−c |
store the certificate in binary form in the directory. | ||
−n |
store the serial number of the certificate in the directory. | ||
−d |
increase debug level. |
−Dtargetdn
add all the attributes specified to the entry with distinguished name targetdn.
−bbinddn
bind as user binddn to the directory.
−wpassword
use password to bind to the directory.
−oowner
create a certificate mapping entry that specifies owner as the owner of the certificate.
Cert2ldap is used to import a certificate into an LDAP directory in such a as to allow the mod_authz_ldap Apache module to authenticate and authorize users based on their certificates. The certificate is either specified as a certificatefilename argument on the command line or read from standard input. There are essentially two ways to use the program: either a certificate is added as a userCertifcate attribute to a users node, or a certificate mapping node is added somewhere else in the directory, referencing the user.
The second form is active as soon as one if the options -i, -s, -o or -n are used. The first form uses only the -c option. The correct configuration of the entires can be checked using the certfind(1) program.
If the node to be updated does not exist yet, a minimal node is created. However this is only marginally useful in the case of a node containing the certificate proper.
certfind(1)
Andreas F. Mueller <andreas.mueller@othello.ch>
cert2ldap(1) |