I already saw the example for trying to authenticate users using their certificates.
However, instead of using the common name, I would like to use the role of the certificate : CA Operators can access some things, RA Operators some other, Users can not, etc...
How is that done? Can the Role be joined to the DN? How?
The most important question is which version do you use?
0.9.1
-----
Add the role manually to the subject and then filter the certificates after authentication with the Apache and mod_ssl.
0.9.2
-----
Please read the docs. Here is only a short description:
0. go to OPENCADIR/etc/access_control/your_interface.xml
1. activate x509 based login
2. activate map_role
3. activate map_operation (or you have to configure the access permission for every single role)
4. edit OPENCADIR/etc/rbac/acl.xml (add/remove permissions like you need)
I hope this is simple enough.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
