Greetings, novice at freeradius here.

I would like to use the ldap module in Freeradius to check certs against CRLs, nothing special there. What I'm wondering is how, if it is in fact possible, I can take the DN provided by the cert to filter the ldap search done by the module. All I really need to filter on is the CN part of the DirName. Example:

DirName: C = US, O = XXXXXXX, CN = CRLXXX

There are quite a few CRLs on the ldap server and it seems that having more than one result returned results in an ambiguous search and a subsequent failure. Is what I'm looking to do possible?

Somewhat related question about CRLs: in my testing I've run across the error "Different CRL scope". It seems that the CRLs have the UsersOnly flag set, but I can still successfully verify that a revoked certificate that fails in this fashion is indeed revoked by using openssl verify. My suspicion is that openssl verify doesn't care about scope, but I haven't found anything that says one or the other.

I'm running freeradius 2.1.12 from the debian wheezy repo, openssl 1.0.1e from the same, if this is relevant.

Regards,
Joacim Kosonen
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
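
The CN-based filtering asked about above, as an added example that is not part of the original post and is not FreeRADIUS configuration: it extracts the CN from a DirName string and builds an LDAP search filter that can match only that entry, escaping the certificate-supplied value per RFC 4515. The `cRLDistributionPoint` object class and the `cn` naming attribute are assumptions about the directory layout.

```python
import re

# Constructed sample in the DirName form quoted in the post above.
SAMPLE_DIRNAME = "C = US, O = XXXXXXX, CN = CRLXXX"


def parse_dirname(dirname):
    """Split a one-line DirName into (type, value) pairs.

    Commas escaped with a backslash stay inside the value; multi-valued
    RDNs ("+") are not handled here.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dirname):
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = "\\*()\x00"
    return "".join("\\%02x" % ord(ch) if ch in special else ch for ch in value)


def crl_filter_for(dirname, object_class="cRLDistributionPoint"):
    """Build a filter matching the single CRL entry named by the DirName's CN.

    object_class and the cn attribute are assumptions about the directory,
    not values taken from the post.
    """
    cns = [value for attr, value in parse_dirname(dirname) if attr == "CN"]
    if len(cns) != 1:
        # Refuse to guess: zero or several CNs would make the search ambiguous.
        raise ValueError("expected exactly one CN, found %d" % len(cns))
    return "(&(objectClass=%s)(cn=%s))" % (object_class, escape_filter_value(cns[0]))


if __name__ == "__main__":
    print(crl_filter_for(SAMPLE_DIRNAME))
```

The escaping step matters because the CN comes from a certificate field: unescaped `*`, `(` or `)` in that value would change which entries the search returns.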

