Re: [OpenXPKI-users] ldap connector - publishing CRL, un-publish user certificate

Sat, 08 Feb 2025 23:50:41 -0800 

Hi,
while you can of course use LDAP to keep historic versions of the CRL, the regular use case is to have the most recent one at a dedicated name and this is usually along with the CA certificate located at the DN (this is at least what you can find in the default configuration of the OpenXPKI profiles). 


If this matches your setup, just put "filter: (CN=[% ARGS.0 %])" into 
the config.


Oliver

On 09.02.25 05:16, Scott Thomas via OpenXPKI-users wrote:

Bonjour,


I am also at the same point of publishing CRL in LDAP. It always says 
"Already exists" ... Can we create multiple versions of CRL in the 
LDAP directory ?


Cheers
Scotty



On Wednesday 1 September 2021 at 01:39:15 am GMT+5, Montajab Saleh 
<montajab.sa...@gmail.com> wrote:



Hi,

I try on to publish all users certificates and CRLs to LDAP directory,
when issuing a user certificate it get published as supposed to,

Also, first CRL also get published, but when issuing another CRL it 
get Failed with error "ERROR Already exists"

any advice on how to update the CRL if it already exist
my current config for CRL publishing
-------
ldap-crl:
    class: Connector::Proxy::Net::LDAP::Single
    LOCATION: ldap://<ldap.myorg.local>
    base: dc=myorg,dc=local
    filter: (objectCategory=cRLDistributionPoint)
    binddn: cn=admin,dc=myorg,dc=local
    password: mysecret
    attrmap:
        der: certificateRevocationList;binary

    create:
        basedn: dc=myorg,dc=local
        rdnkey: cn

    schema:
        cn:
            objectclass: cRLDistributionPoint
            values:
                cn: copy:self
-------
another question,

is there a way to unpublish a certificate from ldap directory, when it 
gets revoked for example


Thanks

--
/Regards/
/Montajab Saleh/
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to