On 8/15/07, Legolas Woodland <[EMAIL PROTECTED]> wrote:
> Hi
> Thank you for reading my post
> Can we use ApacheDS to import some certificate (X509 digital certificate)
> into it for our users?
>
> Is there any document for doing this?

Yes, this works.  The core schema, which is enabled by default, has
support for RFC 2256, which contains attribute type userCertificate.
The cert attributes in RFC 2256 have been updated by RFC 4510 & RFC
4523, but the basic attribute and OID are the same.

I can't think of a consolidated example of how to do this, but there
are resources online for:

1)  Reading a cert from disk into an X509Certificate object.
2)  Calling cert.getEncoded() to get the ASN.1 DER as a byte[].
3)  Performing a basic JNDI binary write to the directory.

The following unit tests show some ways to work with a userCertificate:

core-unit:
org.apache.directory.server.core.jndi.SearchContextITest#testBinaryAttributesInFilter()

server-unit:
org.apache.directory.server.BinarySearchTest#testSearchByBinaryAttribute()

Enrique
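
Added example, not part of the original reply and not ApacheDS code: the three steps above in one Java program, using plain JNDI. The command-line arguments, the LDAP_BIND_PASSWORD environment variable and the class name are assumptions made for illustration; the attribute is written as "userCertificate;binary" as RFC 4523 specifies, and the target entry is assumed to have an object class that permits userCertificate (for example inetOrgPerson).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class StoreUserCertificate {
    // RFC 4523 transfers certificates with the ";binary" option.
    static final String CERT_ATTR = "userCertificate;binary";

    // Steps 1 and 2: parse the file (DER or PEM) and return the ASN.1 DER bytes.
    static byte[] loadDer(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // reject expired or not-yet-valid certificates
            return cert.getEncoded();
        }
    }

    // usage: java StoreUserCertificate <ldap-url> <bind-dn> <user-dn> <cert-file>
    public static void main(String[] args) throws Exception {
        // Hypothetical variable name; keeps the bind password off the command line.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (args.length != 4 || password == null) {
            throw new IllegalArgumentException("need 4 arguments and LDAP_BIND_PASSWORD");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = new InitialDirContext(env);
        try {
            // Step 3: a byte[] value makes JNDI send the attribute as binary.
            ModificationItem[] mods = { new ModificationItem(
                DirContext.ADD_ATTRIBUTE, new BasicAttribute(CERT_ATTR, loadDer(args[3]))) };
            ctx.modifyAttributes(args[2], mods);
        } finally {
            ctx.close();
        }
    }
}
```

A simple bind sends the password in clear text, so the URL passed as the first argument should be an ldaps:// one or the connection should otherwise be protected.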
