On 07/27/2011 04:31 PM, Marek Kreul wrote:
> As LDAP search for certificates is currently not yet available in djigzo, I
> thought about implementing a workaround for me to have at least the
> certificates for my "well known" usergroup always up-to-date.
>
> In my case, a simple bash script would connect to the djigzo database and
> read the list of users that are currently configured.
> It would then conduct an ldap search using each user's email address to
> receive the current certificate of that user. The user's certificate in the
> database would be deleted, and the new certificate retrieved from LDAP will
> be imported.
>
> Would that be possible, and which steps would be necessary to import the
> certificate into the database using psql?

1. Importing a certificate

Directly importing a certificate into the database is not a trivial task. The main reason this is not easy is because certain fields of the certificate are extracted and stored in database fields for improved searching, chain building etc. There are however different ways to import a new certificate:

a. Use a command line tool

Go to the Djigzo home dir (for example /usr/share/djigzo).

Use the following command to import a certificate from a file:

    java -cp djigzo.jar mitm.application.djigzo.tools.manager.Manager -store cert -cer CERTIFICATE-FILE

The CERTIFICATE-FILE can be a single certificate (.cer) or a bunch of certificates (.p7b). It's a very rudimentary tool and hasn't been updated for a while but it works.

b. Use the SOAP interface

The Djigzo front-end (the GUI) only contains the GUI part and talks to the back-end via SOAP. All 'hard' work is done by the back-end. If you have a tool that can speak SOAP, you might be able to do everything via SOAP calls. This however requires some more work because the SOAP interface is not documented (although it's pretty straightforward).

2. Deleting a certificate

Deleting a certificate is somewhat harder. The command line tool does not allow you to delete a certificate so you should use SOAP for that or use SQL commands to delete a certificate. It should be noted that it's not always possible to delete a certificate. A certificate which is in use cannot be deleted. A certificate is in use for example when it's selected as a signing certificate or when it's explicitly selected (for example as a domain certificate).

Is there a particular reason you want to delete a certificate? A certificate which is expired is no longer valid and therefore no longer used.

3. Getting a list of all users

You can either use SOAP or direct SQL commands to get a list of users.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
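
Added example, not part of the original message and not Djigzo's own code: a sketch of the refresh loop discussed above that looks up each address in LDAP and feeds the result to the command line tool from point 1a. It only imports and does not delete. The LDAP URI, the base DN, the `mail` attribute, the users file and the tool accepting a DER-encoded .cer file are assumptions.

```shell
#!/usr/bin/env bash
# Added example. LDAP_URI, LDAP_BASE and the users file are assumptions;
# the java command line is the one quoted in the reply above.
set -u
DJIGZO_HOME="${DJIGZO_HOME:-/usr/share/djigzo}"
LDAP_URI="${LDAP_URI:-ldap://ldap.example.org}"   # placeholder
LDAP_BASE="${LDAP_BASE:-dc=example,dc=org}"       # placeholder

# Escape a value for an LDAP search filter (RFC 4515) so that an address
# containing \ * ( or ) cannot change what the filter matches.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin and print the base64 of the first userCertificate value,
# joining folded lines (continuation lines start with a single space).
ldif_first_cert() {
  awk '
    /^ / && grab { val = val substr($0, 2); next }
    grab { print val; printed = 1; exit }
    /^userCertificate;binary:: / { val = substr($0, 26); grab = 1 }
    END { if (grab && !printed) print val }
  '
}

# Look up one address and import its certificate. Nothing is imported unless
# openssl parses the LDAP value as a DER X.509 certificate.
refresh_one() {
  local email="$1" dir
  dir="$(mktemp -d)" || return 1
  ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
      "(mail=$(ldap_escape "$email"))" 'userCertificate;binary' \
    | ldif_first_cert | base64 -d > "$dir/user.cer"
  if openssl x509 -inform DER -in "$dir/user.cer" -noout 2>/dev/null; then
    (cd "$DJIGZO_HOME" && java -cp djigzo.jar \
      mitm.application.djigzo.tools.manager.Manager -store cert -cer "$dir/user.cer")
  else
    echo "skip $email: no parsable certificate in LDAP" >&2
  fi
  rm -rf "$dir"
}

# Usage: script USERS_FILE, one email address per line.
if [ "$#" -eq 1 ]; then
  while IFS= read -r addr; do
    [ -z "$addr" ] || refresh_one "$addr"
  done < "$1"
fi
```

How the list of addresses is exported from Djigzo (SOAP or SQL, as in point 3) is left outside the script.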
