Hello,
I have the following scenario that I need to study and implement if
possible:
- Active Directory Server where users will be created (actually
already there)
- Syncope Server to manage users
- Eventually other databases where the users need to be synchronized
with the help of syncope
- Somehow propagate certificates (root and intermediate certs) to the
AD server and machines to allow later login on the Windows machines with
smartcards
So far, I managed to connect syncope with the AD and
create/update/delete users and groups.
I was also able to map a plain schema that I created to the
/altSecurityIdentities/ property on the user in the Active Directory,
providing there a string like "X509:<SKI>here goes the subject key
identifier of the user's cert".
With this configuration I can log in with the user smartcard on the
Windows client machine. For this login to work I had to install the root
and intermediate certs on the Active Directory server and the client
machines, but here comes the question...
Is there a way to maintain and propagate to server and clients those
certs (root and intermediate) with syncope?
And, if possible, to automate the process of gathering the
SubjectKeyIdentifier of the user certificate into the plain schema that I
created that maps to the /altSecurityIdentities/.
Best,
João Graça
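The second question in the post (filling the plain schema attribute from the user's certificate) comes down to reading the subjectKeyIdentifier extension out of the X.509 certificate and prefixing it with "X509:<SKI>". The following is an added example, not code from the post or from Apache Syncope itself: a standard-library-only Python helper that accepts a PEM or DER certificate, locates the subjectKeyIdentifier extension (OID 2.5.29.14, RFC 5280 section 4.2.1.2) in the DER, and returns the altSecurityIdentities string. The function names and the sample input are assumptions; the sample is a constructed Extension TLV (the fragment a real DER certificate carries verbatim inside its extensions sequence), not a real certificate.

```python
import base64
import re

# DER encoding of OID 2.5.29.14 (id-ce-subjectKeyIdentifier): 06 03 55 1d 0e
SKI_OID_DER = bytes.fromhex("0603551d0e")


def _read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, offset just past the length bytes)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[pos + 1:pos + 1 + nbytes], "big"), pos + 1 + nbytes


def load_certificate_der(data: bytes) -> bytes:
    """Accept a PEM or DER certificate and return its raw DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
        if not m:
            raise ValueError("no CERTIFICATE block found in PEM input")
        return base64.b64decode(b"".join(m.group(1).split()))
    return data


def _parse_ski_at(der: bytes, pos: int) -> bytes:
    """Parse one Extension whose extnID starts at der[pos]; return the KeyIdentifier bytes.

    Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    extnValue wraps the DER of SubjectKeyIdentifier ::= OCTET STRING (the KeyIdentifier).
    """
    # The OID must be the first element of an Extension SEQUENCE (tag 0x30).
    if pos < 2 or der[pos - 2] != 0x30:
        raise ValueError("OID bytes not at the start of an Extension SEQUENCE")
    pos += len(SKI_OID_DER)
    # RFC 5280 requires SKI to be non-critical, but tolerate an explicit BOOLEAN.
    if der[pos] == 0x01:
        pos += 3
    if der[pos] != 0x04:
        raise ValueError("expected extnValue OCTET STRING")
    outer_len, pos = _read_length(der, pos + 1)
    if der[pos] != 0x04:
        raise ValueError("expected inner SubjectKeyIdentifier OCTET STRING")
    inner_len, pos = _read_length(der, pos + 1)
    if inner_len + 2 != outer_len or pos + inner_len > len(der):
        raise ValueError("length mismatch or truncated KeyIdentifier")
    return der[pos:pos + inner_len]


def extract_ski(der: bytes) -> bytes:
    """Return the KeyIdentifier of the subjectKeyIdentifier extension, or raise if absent."""
    start = 0
    while True:
        pos = der.find(SKI_OID_DER, start)
        if pos < 0:
            raise ValueError("certificate has no subjectKeyIdentifier extension")
        try:
            return _parse_ski_at(der, pos)
        except (ValueError, IndexError):
            # A chance byte match elsewhere (e.g. inside the signature); keep searching.
            start = pos + 1


def alt_security_identity(cert: bytes) -> str:
    """Build the altSecurityIdentities value 'X509:<SKI>' + hex KeyIdentifier (no separators)."""
    return "X509:<SKI>" + extract_ski(load_certificate_der(cert)).hex()


# Constructed sample: a single SKI Extension TLV with a made-up 20-byte KeyIdentifier.
#   30 1d | 06 03 55 1d 0e | 04 16 | 04 14 | <20 bytes>
SAMPLE_KEY_ID = bytes.fromhex("ddde2ca4a9df750a58c3b75d38a7b7cd98f4e77e")
SAMPLE_DER = bytes.fromhex("301d0603551d0e04160414") + SAMPLE_KEY_ID
# Same fragment wrapped as PEM, to exercise the PEM path (constructed, not a real certificate).
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(alt_security_identity(SAMPLE_DER))
    print(alt_security_identity(SAMPLE_PEM))
```

The hex is emitted lowercase without separators; whatever tooling already populates the plain schema attribute should keep the same formatting so that the value written by Syncope to AD is consistent with the one the post describes. A check worth keeping in the propagation path is to reject certificates where the extension is missing rather than write an empty "X509:<SKI>" string, which is why the helper raises instead of returning a partial value.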