Oliver Welter wrote:

Hi Folks,

I have a nice feature-request here :)

I have a certificate that contains a unique ID in the DN (number of company register)

I have a LDAP Server that has a completely different DN scheme, but the mentioned ID is a unique attribute in the LDAP tree, too. So this means I can search for this Value and will find exactly one entry.

Is it now possible (with the built-in configuration) to perform the LDAP export in a way that fits this architecture?

Means:
Extract the ID from the cert's subject (it's a defined attribute)
Search the corresponding node in the LDAP with a complex search
Add certificate to this node

Can I do this transformation via the schema-descriptions in ldap.xml or have I to rewrite the ldap-export Module?

AFAICS there are no DN-Transformation rules implemented, thus subjectDN equals the DN of the LDAP entry. Michael please correct me, if I am wrong here.

What you need is a feature that performs a search and modifies the found entry provided the search results in exactly one entry.

This should be made configurable, e.g.:

PERFORM_SEARCH_BEFORE_ADDING YES
UNIQUE_SEARCH_ATTRIBUTE uid


Just my 2 cents,

Peter



any ideas ?

Oliver



--
_______________________________________________________________________

Peter Gietz (CEO)
DAASI International GmbH                phone: +49 7071 2970336
Wilhelmstr. 106                         Fax:   +49 7071 295114
D-72074 Tübingen                        email: [EMAIL PROTECTED]
Germany                                 Web:   www.daasi.de

Directory Applications for Advanced Security and Information Management
_______________________________________________________________________



_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
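
The search-then-modify flow discussed in this thread, as an added example that is not part of the original messages or of OpenCA's code: extract the ID from the certificate subject, build an escaped search filter, and refuse to touch anything unless exactly one entry matches. The subject attribute name (serialNumber), the function names and the in-memory directory are assumptions constructed for illustration; uid is the search attribute from Peter's suggestion.

```python
import re

# Constructed sample directory (DN -> attributes); stands in for the LDAP server.
DIRECTORY = {
    "cn=Example GmbH,ou=companies,dc=example,dc=org": {"uid": ["HRB-1001"]},
    "cn=Sample AG,ou=companies,dc=example,dc=org": {"uid": ["HRB-2002"]},
    "cn=Sample AG (old),ou=archive,dc=example,dc=org": {"uid": ["HRB-2002"]},
}

def subject_attribute(subject_dn, attr):
    """Return the single value of `attr` from a string subject DN.

    Simplified parsing: hex escapes and multi-valued RDNs ("+") are not
    handled; real code should read the value from the parsed certificate.
    """
    values = []
    for rdn in re.split(r"(?<!\\),", subject_dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().lower() == attr.lower():
            values.append(re.sub(r"\\(.)", r"\1", value.strip()))
    if len(values) != 1:
        raise ValueError(f"expected one {attr} in subject, found {len(values)}")
    return values[0]

def escape_filter_value(value):
    """Escape per RFC 4515 so certificate content cannot change the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def find_target_entry(subject_dn, subject_attr, search_attr, directory=DIRECTORY):
    """Return (filter, dn) for the one entry that should receive the cert."""
    ident = subject_attribute(subject_dn, subject_attr)
    ldap_filter = f"({search_attr}={escape_filter_value(ident)})"
    # Equality match over the in-memory stand-in for the LDAP search.
    hits = [dn for dn, attrs in directory.items()
            if ident in attrs.get(search_attr, [])]
    if len(hits) != 1:
        # Zero or several matches: do not guess, do not modify any entry.
        raise LookupError(f"{ldap_filter} matched {len(hits)} entries")
    return ldap_filter, hits[0]

if __name__ == "__main__":
    subject = "CN=Example GmbH,serialNumber=HRB-1001,O=Example,C=DE"  # constructed
    print(find_target_entry(subject, "serialNumber", "uid"))
```

Against a real server the same filter string would be passed to the LDAP search call, and the certificate would be added only to the DN returned here.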
