Hi,
as we have a customer who is interested in publishing certificates in an
LDAP directory, I have finally tried out the LDAP publishing workflow.
Some comments:
- I had to add the openca.schemai file, but had to modify it from the latest
version to only include the objectclasses:
* opencaUniquelyIdentifiedUser
* opencaEmailAddress
* opencaSCEPDevice
Are those really _needed_ in a normal environment? They sound fairly
specific to me. I wouldn't want to force the customer to change their
schema without it actually making sense ...
- What's with the sn=NOT SUBSTITUTED YET? Can I turn that off? What's
the purpose of modifying entries apart from userCertificate anyway?
- The customer wants the certificate DNs to be different from the LDAP
DNs (which I guess is a fairly typical situation). I don't think this
is possible with the current code yet, am I correct? If so, I'd try
adding a workflow activity that tries to map a certificate DN to an
LDAP DN (for example by extracting the CN, searching for it below a
certain base DN and then using the found DN as the certificate DN -
fully configurable, of course). Do you think this makes sense?
Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[EMAIL PROTECTED] | working @ urn:oid:1.3.6.1.4.1.11417
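A sketch of the DN-mapping activity proposed in the last point, added here as an example and not OpenXPKI or OpenCA code: it takes the CN from the certificate subject DN, looks for exactly one entry with that cn below a configurable base DN, and returns that entry's DN as the publishing target. The directory is a constructed in-memory dict standing in for an LDAP search result, and all function names are made up for this sketch.

```python
import re
from typing import Dict, List, Optional, Tuple

class MappingError(Exception):
    """Certificate DN could not be mapped to exactly one LDAP entry."""

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 DN into (attr, value) pairs, only on unescaped ',' / '+';
    attribute types and values are lower-cased because cn uses caseIgnoreMatch."""
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):
        for ava in re.split(r'(?<!\\)\+', rdn):
            attr, _, value = ava.partition('=')
            value = value.strip().replace('\\,', ',').replace('\\+', '+')
            pairs.append((attr.strip().lower(), value.lower()))
    return pairs

def extract_cn(cert_dn: str) -> Optional[str]:
    """Return the certificate's CN (lower-cased), or None unless there is exactly one."""
    cns = [v for a, v in parse_dn(cert_dn) if a == 'cn']
    return cns[0] if len(cns) == 1 else None

def is_below(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is strictly subordinate to base_dn (subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base

def map_cert_dn_to_ldap_dn(cert_dn: str, directory: Dict[str, Dict[str, str]], base_dn: str) -> str:
    """Find the one entry below base_dn whose cn equals the certificate CN and return
    its DN. Zero or several hits are refused: publishing userCertificate to a guessed
    entry would attach the certificate to the wrong user."""
    cn = extract_cn(cert_dn)
    if cn is None:
        raise MappingError(f"no unique CN in certificate DN {cert_dn!r}")
    hits = [dn for dn, attrs in directory.items()
            if is_below(dn, base_dn) and attrs.get('cn', '').lower() == cn]
    if len(hits) != 1:
        raise MappingError(f"cn={cn!r} below {base_dn!r}: expected 1 entry, found {len(hits)}")
    return hits[0]

# Constructed sample directory standing in for the LDAP search result (not a real deployment).
SAMPLE_DIRECTORY = {
    'uid=alice,ou=people,dc=example,dc=org': {'cn': 'Alice Example'},
    'uid=bob1,ou=people,dc=example,dc=org': {'cn': 'Bob Example'},
    'uid=bob2,ou=people,dc=example,dc=org': {'cn': 'Bob Example'},          # duplicate CN
    'uid=carol,ou=people,dc=example,dc=org': {'cn': 'Carol, Jr.'},          # comma in CN
    'cn=Alice Example,ou=scratch,dc=other,dc=org': {'cn': 'Alice Example'},  # outside base
}
```

A real activity would replace the dict with an LDAP subtree search for (cn=...) under the base DN, but the "exactly one hit" rule should stay.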
_______________________________________________
OpenXPKI-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-devel