Perhaps you can use the perl backend of openldap to proxy the request, rewrite the query and DNs as necessary, send the transformed request to the real ldap server, get the response back, rewrite it and then send it back to openca as it expects. This can solve the general problems of DNs in certs not matching DNs in directories.

Peter Gietz wrote:

AFAICS there are no DN-Transformation rules implemented, thus subjectDN equals the DN of the LDAP entry. Michael please correct me, if I am wrong here.

What you need is a feature that performs a search and modifies the found entry provided the search results in exactly one entry.

This should be made configurable, e.g.:

PERFORM_SEARCH_BEFORE_ADDING YES
UNIQUE_SEARCH_ATTRIBUTE uid


Just my 2 cents,

Peter



any ideas ?

Oliver






--
Dr. Rodney G. McDuff                 |Ex ignorantia ad sapientiam
Manager, Strategic Technologies Group|    Ex luce ad tenebras
Information Technology Services      |
The University of Queensland         |
EMAIL: [EMAIL PROTECTED]          |
TELEPHONE: +61 7 3365 8220 |
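
Added example, not part of the original messages and not OpenCA or OpenLDAP code: a sketch of the search-before-add behaviour proposed in the quoted text, using an in-memory dictionary in place of an LDAP server. The function names, the `perform_search` flag and the sample entries are assumptions made for illustration.

```python
# Added illustration; all names are hypothetical, the directory is a plain dict.
class AmbiguousMatch(Exception):
    """More than one directory entry carries the unique attribute value."""

def norm_dn(dn):
    # Simplified DN normalisation: trim around RDN separators, fold case.
    # Does not handle escaped commas; enough for the constructed sample.
    return ",".join(p.strip().lower() for p in dn.split(","))

def publish_certificate(directory, subject_dn, search_attr, value, cert,
                        perform_search=True):
    """Return (action, dn). `directory` maps DN -> {attr: [values]}."""
    if perform_search:
        hits = [dn for dn, e in directory.items()
                if value.lower() in (v.lower() for v in e.get(search_attr, []))]
        if len(hits) > 1:
            # Refuse: picking one would bind the cert to a guessed identity.
            raise AmbiguousMatch(f"{search_attr}={value} matches {len(hits)} entries")
        if len(hits) == 1:
            directory[hits[0]].setdefault("userCertificate", []).append(cert)
            return ("modified", hits[0])
    # No search, or no hit: fall back to subjectDN == entry DN.
    for dn in directory:
        if norm_dn(dn) == norm_dn(subject_dn):
            directory[dn].setdefault("userCertificate", []).append(cert)
            return ("modified", dn)
    directory[subject_dn] = {search_attr: [value], "userCertificate": [cert]}
    return ("added", subject_dn)

def demo():
    # Constructed sample: entry DNs differ from the certificate subject DNs.
    d = {
        "uid=jdoe,ou=People,dc=example,dc=org": {"uid": ["jdoe"]},
        "uid=asmith,ou=Staff,dc=example,dc=org": {"uid": ["asmith"]},
        "uid=asmith,ou=Students,dc=example,dc=org": {"uid": ["asmith"]},
    }
    results = [publish_certificate(d, "CN=John Doe,O=Example,C=AU", "uid", "jdoe", b"DER-1")]
    try:
        publish_certificate(d, "CN=A Smith,O=Example,C=AU", "uid", "asmith", b"DER-2")
    except AmbiguousMatch:
        results.append(("refused", None))
    results.append(publish_certificate(d, "CN=New User,O=Example,C=AU", "uid", "nuser", b"DER-3"))
    return d, results

if __name__ == "__main__":
    print(demo()[1])
```
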
