On 20.10.20 at 22:20, Howard Chu wrote:
> Stefan Kania wrote:
>> But when I create a user or a server there is no certificate. In the
>> manpage it says:
>> ---------
>> Certificates for users and servers are generated on demand using a
>> Search request
>> ---------
> The manpage says, exactly:
>
> Certificates for users and servers are generated on demand using a
> Search request returning only the userCertificate;binary and
> userPrivateKey;binary attributes. Any Search for anything besides exactly
> these two attributes is ignored by the overlay.
>
That's what I did:
-------------------
root@ldap25:~# ldapsearch -x -LLL -D "cn=user1 ldap,ou=users,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "cn=user1 ldap"
Enter LDAP Password:
dn: cn=user1 ldap,ou=users,dc=example,dc=net
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/u1-ldap
uid: u1-ldap
uidNumber: 10000
gidNumber: 10000
sn: ldap
givenName: user1
userPassword:: e1NTSEF9L3lXMWxVUXdiVkNiTTNsdk1BK0VxQzhSdG9OUVV6Vlg=
cn: user1 ldap

root@ldap25:~# ldapsearch -x -LLL -D "cn=user1 ldap,ou=users,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "cn=user1 ldap" "userCertificate;binary" "userPrivateKey;binary"
Enter LDAP Password:
dn: cn=user1 ldap,ou=users,dc=example,dc=net
------------------
For the dc-Object it works:
------------------
root@ldap25:~# ldapsearch -x -LLL -D "cn=admin,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "dc=example" "cACertificate;binary"
Enter LDAP Password:
dn: dc=example,dc=net
cACertificate;binary:: MIIFcDCCA1igAwIBAgIJAKh3GIChqUPoMA0GCSqGSIb3DQEBCwUAMC4 ....
------------------
