Re: about userCertificate
Hi, thank you Dieter Kluenter,
my question is due to the revocation of certificate-based authentication.
I don't know if OpenLDAP supports a revocation list operation for
distributed certificates. I checked the core.schema, and I found some
attributes like certificateRevocationList, userCertificate, etc. I just
wonder how to enable it according to RFC2256.
Thank you and all friends being attentive to this topic! :-)
----- Original Message -----
From: "Dieter Kluenter" <firstname.lastname@example.org>
Sent: Tuesday, June 17, 2003 11:07 PM
Subject: Re: about userCertificate
> "alexela_1999" <email@example.com> writes:
> > Has anybody used userCertificate for certificated authentication? And
> > please tell me how to use this attribute.
> > I built a certificated authentication server, but the server only recognizes
> > certificates signed by the CA, that's to say, certificates are authenticated
> > when connecting using EXTERNAL, even if the user DN does not exist in LDAP.
> > The userCertificate attribute seems to have no effect. Does anybody know how to
> > build userCertificate-controlled authentication?
> Authentication is done by SASL. If the user certificate is validated, the
> user is authenticated and has the rights of an authenticated user;
> that does not depend on a user's entry.
> If you want to grant access only to authenticated users who have an
> entry, you should declare it in access controls.
> Following is the output of an authenticated user with an entry.
> dieter@marin:~> ldapwhoami -Y EXTERNAL -ZZ
> SASL/EXTERNAL authentication started
> SASL username: CN=Dieter Kluenter,OU=partner,O=avci,C=de
> SASL SSF: 0
> dn:cn=dieter kluenter,ou=partner,o=avci,c=de
> Dieter Kluenter | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: firstname.lastname@example.org
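
The access-control approach described in the reply above, as an added slapd.conf sketch that is not part of the original thread. The file paths and the group DN cn=certusers,ou=groups,o=avci,c=de are assumptions; the group is assumed to be a groupOfNames entry whose member values are the certificate subject DNs you want to admit.

```conf
# Constructed example: TLS client-certificate setup plus an ACL that
# separates "has a CA-signed certificate" from "is allowed to read data".

# Paths are assumptions.
TLSCACertificateFile  /etc/openldap/certs/ca.pem
TLSCertificateFile    /etc/openldap/certs/server.pem
TLSCertificateKeyFile /etc/openldap/certs/server.key

# Ask for a client certificate and reject the session if it does not verify.
TLSVerifyClient demand

# Weak form: "users" matches every authenticated identity, so any holder
# of a certificate signed by the CA can read, with or without an entry.
#access to *
#    by users read
#    by * none

# Tighter form: only identities listed as members of a group entry that
# exists in the directory are granted access. A DN pattern such as
# dn.children="ou=partner,o=avci,c=de" would not be enough, because it
# compares the bound DN string and never checks that an entry exists.
access to *
    by group.exact="cn=certusers,ou=groups,o=avci,c=de" read
    by * none
```

SASL EXTERNAL authentication itself behaves exactly as before; the ACL only changes what an authenticated identity is authorized to read.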