How are you going to handle multiple OUs? In the case where a certificate
contains 4 multiple OUs but a user DN only contains one of those 4?
Thanks!
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Andrea e Luca Giacobazzi
Sent: Tuesday, June 08, 1999 12:59 PM
To: [EMAIL PROTECTED]
Subject: R: Certificate - LDAP Mapping
>
>So to map just email addresses, you would specify 'email=mail' as your
>mapping. You can also specify multiple mappings to narrow the search even
>further. So something like 'email=mail,uid' would result in an LDAP search
>like (&([EMAIL PROTECTED])(uid=wmperry)). If a match is found, we
>pull out all the userCertificate (this attribute is configurable as well of
>course) values, and proceed to compare them. If any of the values are
>identical to the blob of data you passed in, the certificate is considered
>valid.
I already wrote a cert status check with an LDAP directory, searching by
e-mail and setting a new env var containing the cert status, that you can use
in SSLRequire. I am sending it to you attached.
I am just missing some knowledge to implement some new Apache directives (any
suggestions?) to enable/disable the checking and set some parameters via
httpd.conf, like LDAP servers, and to clean up the code a little, maybe for
inclusion...
Let's merge as much as possible.
Andrea
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
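
The mapping scheme described in the quoted text, as an added sketch that is not code from the thread or from any project mentioned in it: it turns a mapping such as 'email=mail,uid' into an LDAP search filter, escapes certificate-supplied text per RFC 4515 so a crafted subject cannot rewrite the filter, and compares the presented certificate byte for byte with the stored userCertificate values. The mapping grammar (`certfield[=ldapattr]`, comma separated), OR-ing repeated fields such as OU, and all sample values are assumptions of this example.

```python
# Added illustration; not code from the thread or from mod_ssl/OpenSSL.
# RFC 4515 escapes for characters that would change the filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Neutralise filter metacharacters in text taken from a certificate."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_mapping(spec):
    """'email=mail,uid' -> [('email', 'mail'), ('uid', 'uid')] (assumed grammar)."""
    pairs = []
    for item in spec.split(","):
        field, _, attr = item.strip().partition("=")
        pairs.append((field, attr or field))
    return pairs

def build_filter(spec, subject):
    """subject is a list of (field, value) pairs, so a field such as OU may repeat."""
    clauses = []
    for field, attr in parse_mapping(spec):
        values = [v for f, v in subject if f == field]
        if not values:
            # Fail closed: dropping the clause would widen the search.
            raise ValueError("certificate has no %r field" % field)
        terms = ["(%s=%s)" % (attr, escape_filter_value(v)) for v in values]
        # Assumption: repeated fields are OR-ed, so one matching value suffices.
        clauses.append(terms[0] if len(terms) == 1 else "(|%s)" % "".join(terms))
    return clauses[0] if len(clauses) == 1 else "(&%s)" % "".join(clauses)

def certificate_matches(presented_der, user_certificates):
    """Accept only if a stored userCertificate value is byte-identical."""
    return any(presented_der == stored for stored in user_certificates)

# Constructed sample subject (not from the thread apart from uid=wmperry).
SUBJECT = [("email", "wmperry@example.org"), ("uid", "wmperry"),
           ("ou", "Engineering"), ("ou", "Staff")]

if __name__ == "__main__":
    print(build_filter("email=mail,uid", SUBJECT))
    print(build_filter("email=mail,ou", SUBJECT))
    print(build_filter("uid", [("uid", "*)(uid=*")]))
```

The last call shows a subject value containing filter syntax coming out as inert escaped text rather than as extra filter clauses.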