Hello Oliver,

in our case we needed two things concerning the LDAP:
a) to hang the certificate and its serial number under the user entry in LDAP and not as a different entry, so we also added the attribute serialNumber.
b) to translate the dn from the certificate to the corresponding LDAP dn (uid=username,ou=people,dc=aaa,dc=gr).

So in OpenCA/etc/servers/ldap.conf we added the configuration parameter LDAP_TRANSLATE_DN and also in OpenCA/etc/ldap.xml
<host>@ldap_host@</host> <port>@ldap_port@</port> <translate>1</translate>
which are set to 1 if dn translation is on.

The main changes are in export-import.lib ( http://noc.ntua.gr/~chrisap/functions.diff ) and LDAP.pm ( http://noc.ntua.gr/~chrisap/ldap_diff )

Chrysa

Hi Chrysa,

we had the same need for a transformation of the dn, so we implemented a function in LDAP.pm that translates the dn to the appropriate form if a configuration parameter LDAP_TRANSLATE_DN (ldap.conf) is set to 1. The function extracts the uid from the cert, builds the new dn and can continue as usual with the ldap.

Is it possible for you to send me the modifications, so we can put it into the official sources?

Oliver
--
This message was digitally signed
oliwel's public key: http://www.oliwel.de/oliwel.crt
Base certificate: http://www.ldv.ei.tum.de/page72
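
An added example, not code from OpenCA or from either poster, of the translation discussed in this thread: it extracts the uid from a certificate subject DN and builds uid=<uid>,ou=people,dc=aaa,dc=gr, failing closed when the uid could change the structure of the resulting DN. The function names, the comma-separated subject format, the UID attribute name and the allow-list policy are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: base taken from the DN form quoted in the message.
my $LDAP_BASE = 'ou=people,dc=aaa,dc=gr';

# Split a comma-separated subject DN into RDNs, honouring backslash escapes.
sub split_dn {
    my ($dn) = @_;
    my @rdns = $dn =~ /((?:\\.|[^,\\])+)/g;
    s/^\s+|\s+$//g for @rdns;
    return @rdns;
}

# Undo RFC 4514 escaping (\XX hex pairs and \<char>) in an attribute value.
sub unescape_value {
    my ($v) = @_;
    $v =~ s/\\([0-9A-Fa-f]{2}|.)/length($1) == 2 ? chr(hex($1)) : $1/ge;
    return $v;
}

# Hypothetical helper: map a certificate subject DN to the LDAP user DN.
# Returns undef (fail closed) when the uid is missing, repeated or unsafe.
sub translate_dn {
    my ($cert_dn) = @_;
    my @uids;
    for my $rdn (split_dn($cert_dn)) {
        push @uids, unescape_value($1) if $rdn =~ /\Auid\s*=\s*(.*)\z/is;
    }
    return unless @uids == 1;
    my $uid = $uids[0];
    # Assumed policy: conservative allow-list, so no DN metacharacter
    # (, + = " \ < > ; #) can ever reach the constructed DN.
    return unless $uid =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return "uid=$uid,$LDAP_BASE";
}

# Constructed sample subjects, not taken from a real certificate.
for my $subject (
    'CN=Maria Example,UID=mexample,O=AAA,C=GR',
    'CN=x,UID=mallory\,ou=admins,O=AAA,C=GR',
    'CN=no uid here,O=AAA,C=GR',
) {
    my $dn = translate_dn($subject);
    printf "%-45s => %s\n", $subject, defined $dn ? $dn : 'REJECTED';
}
```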