Thanks for this. This can be used, but it is a special structure we had to create specifically to handle public and private keys for the server to do SSL using the certificate.
Alex

On Sat, Sep 27, 2008 at 4:50 AM, Kiran Ayyagari <[EMAIL PROTECTED]> wrote:

>
> hi Sarah,
>
> You can store digital certificates in ApacheDS. There is an object class
> named 'tlsKeyInfo' which you can use for
> storing the public/private keys along with the algorithm and format
> details.
>
> Here is the schema snippet for your quick reference. The complete
> apache.schema can be seen at http://xuumo.notlong.com
>
> # =============================================
> # SSL/TLS Key Management for LDAPS and StartTLS
> # =============================================
>
> attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.38
>     NAME 'privateKeyFormat'
>     DESC 'The format of the private key used for TLS'
>     EQUALITY caseExactIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
> attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.41
>     NAME 'publicKeyFormat'
>     DESC 'The format of the public key used for TLS'
>     EQUALITY caseExactIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
> attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.39
>     NAME 'keyAlgorithm'
>     DESC 'The algorithm used for the key/pair used by the server for TLS'
>     EQUALITY caseExactIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
> attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.40
>     NAME 'privateKey'
>     DESC 'The private key material used for TLS'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
>
> attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.42
>     NAME 'publicKey'
>     DESC 'The public key material used for TLS'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
>
> objectclass ( 1.3.6.1.4.1.18060.0.4.1.3.11
>     NAME 'tlsKeyInfo'
>     SUP top
>     AUXILIARY
>     MUST ( privateKeyFormat $ keyAlgorithm $ privateKey $
>            publicKeyFormat $ publicKey ) )
>
> # =================================================
> # END SSL/TLS Key Management for LDAPS and StartTLS
> # =================================================
>
> HTH
> Kiran Ayyagari
>
>
> Sarah kho wrote:
>
>> Hi
>>
>> I saw that "RFC 4523 Lightweight Directory Access Protocol (LDAP) Schema
>> Definitions for X.509 Certificates." is not supported by ApacheDS
>>
>> Can someone please explain whether it is possible to use ApacheDS to store
>> user's digital certificates along with other information?
>>
>> Thanks.
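
Added example, not part of the thread and not ApacheDS project code: a Java program that generates an RSA key pair and prints an LDIF modify request attaching the auxiliary tlsKeyInfo class, together with all five of its MUST attributes, to an existing entry. The target DN is a placeholder, and filling the format and algorithm attributes from Java's Key.getFormat() and Key.getAlgorithm() is an assumption.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;

public class TlsKeyInfoLdif {
    // Binary-syntax values go into LDIF base64-encoded ("attr:: value").
    // Long lines are folded; continuation lines start with one space (RFC 2849).
    static String binaryLine(String attr, byte[] value) {
        String line = attr + ":: " + Base64.getEncoder().encodeToString(value);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < line.length(); i += 75) {
            if (i > 0) out.append("\n ");
            out.append(line, i, Math.min(i + 75, line.length()));
        }
        return out.toString();
    }

    // One "add" modification; each modification is terminated by a "-" line.
    static String add(String attr, String valueLine) {
        return "add: " + attr + "\n" + valueLine + "\n-\n";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        StringBuilder ldif = new StringBuilder();
        ldif.append("dn: uid=example,ou=system\n"); // placeholder DN (assumption)
        ldif.append("changetype: modify\n");
        // tlsKeyInfo is AUXILIARY, so it is added to an existing entry. Its MUST
        // attributes have to arrive in the same request or the entry is invalid.
        ldif.append(add("objectClass", "objectClass: tlsKeyInfo"));
        // IA5 string attributes, SINGLE-VALUE: e.g. "RSA", "PKCS#8", "X.509".
        ldif.append(add("keyAlgorithm", "keyAlgorithm: " + kp.getPrivate().getAlgorithm()));
        ldif.append(add("privateKeyFormat", "privateKeyFormat: " + kp.getPrivate().getFormat()));
        ldif.append(add("publicKeyFormat", "publicKeyFormat: " + kp.getPublic().getFormat()));
        // Binary attributes: the encoded key material itself. The privateKey
        // value should be readable only by the server's administrative identity.
        ldif.append(add("privateKey", binaryLine("privateKey", kp.getPrivate().getEncoded())));
        ldif.append(add("publicKey", binaryLine("publicKey", kp.getPublic().getEncoded())));
        System.out.print(ldif);
    }
}
```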
