Hi,
What do your LDAP entries actually look like? Mine only have 1 email address for the LDAP entry, even though I have two addresses in my certificate. But the LDAP address is always the primary one. I hadn't noticed this until I saw your message here. I too would prefer that all the email addresses specified in the certificate are available in the LDAP entry.
Does anyone else have any idea how this works?
I suspect some of us are going to have to figure out how ldap.xml works, and see if it can be configured differently.
Mike
Oliver Welter wrote:
Hi Folks,
I encounter a strange problem....
We issue certificates for members of the university. The certs contain the university mail address and CAN contain up to two other (private) addresses of the user.
We store the certificates in an LDAP server - now I recognized that for some entries the private mail addresses are written as "primary" address in the LDAP.....
The certs themselves don't contain a "primary" address but have multiple "Subject Alternative Names" set as eMail. The university address is always the first of them. Here is an excerpt of such a certificate:
Subject: C=DE, O=Technische Universitaet Muenchen, OU=myTUM CA,OU=Student, CN=Doe John/serialNumber=127
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED],email:[EMAIL PROTECTED],email:[EMAIL PROTECTED]
The LDAP server uses the gmx address - but should use the mytum one....
Anybody know what's going on here?
Oliver
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
