Re: [Openca-Users] Only add encryption certs to LDAP

[Michael Bell]

Chris Covell wrote:

I edited the file ldap-utils.lib.

Just after the line "## get the needed data" I added:

my $role = $obj->getParsed ()->{HEADER}->{ROLE};                                
print "Role: $role";

This gets the role of the certificate that is going to be uploaded to the 
directory and stores it as $role.

I then put a great big if statement around the lines that actually do the 
uploading (just before "## here we could perform some operations with the 
data").

if ($role eq "User") {
print "skipping $role";
}
else {
...missing lines
...
}
This means that if the role is User (i.e. a User (or signing cert in our 
case)) then don't upload it, else write it to the directory.

If I was doing this properly then I would add a section to ldap.conf to list 
the cert types not to upload and then read this list in the if statement.

I hope this help Michael (but it is a bit of a hack I think !).
It looks not really nice but the important thing is the idea how to do 
it. I included it to TODO. We can implement it via a simple return 
statement in addLDAPobject and addLDAPattribute.

my $roles = join '\n', getRequiredList ('LDAPexcludedRoles');
my $role  = $obj->getParsed ()->{HEADER}->{ROLE};
return (correctly constructed_return_value)
  if ($roles =~ /^${role}$/m);
It doesn't look much better then yours but it is more compact and better 
documentable.

If you have a working solution the please send a complete version of 
ldap-utils.lib or a diff. Strings like "## get the needed data" can 
change really fast.

Best regards

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org


-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users