
Re: DN question



Kós Tamás wrote:
> 2008/8/21 Michael Ströder <michael@stroeder.com>:
>> Kós Tamás wrote:
>>> I want to achieve two things. Extend DN (if possible) to
>>> mail+cn attributes
>> Try ldapmodrdn command-line tool:
>> ldapmodrdn [options] "CN=Gipsz Jakab" "CN=Gipsz Jakab+mail=user@domain"
>
> OK, thanks, I will try it, but I'm afraid it will ruin the card
> authentication...

If you have X.509 certs issued and the subject-DNs MUST match the user's entry DN then you have more to think about in your infrastructure.

>>> to use ldapmodify to add certificate for the user.
>> Use ldapmodify with LDIF like this:
>>
>> ------------------------ snip ------------------------
>> dn: CN=Gipsz Jakab
>> changetype: modify
>> add: userCertificate;binary
>> userCertificate;binary:: [..base64-encoded binary DER data of certificate..]
>> -
>>
>> ------------------------ snip ------------------------
> I tried it, but we could have more Gipsz Jakab, so I want to use
> mail or uid attributes..

Yes, this was just an example. dn: can be followed by any valid DN.

I vaguely remember that Domino/LDAP can contain entries like

dn: CN=Gipsz Jakab,uid=blurb

for the same user entry. But this violates the LDAPv3 standard.

Ciao, Michael.
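
An added example, not part of the original message: a Python sketch that builds the `userCertificate;binary` modify record quoted above from DER bytes, applying the RFC 2849 rules for base64 values and line folding. The function names and the sample bytes are constructed for illustration; the DN is the one used in the thread.

```python
import base64

def _needs_base64(value: str) -> bool:
    # RFC 2849 SAFE-STRING: ASCII only, no NUL/CR/LF, must not start with
    # space, ':' or '<'; a trailing space is also encoded to survive transport.
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)

def _fold(line: str, width: int = 76) -> str:
    # RFC 2849 folding: each continuation line begins with exactly one space.
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def _attr_line(name: str, value) -> str:
    # bytes are always base64 ("::"); strings only when they are not SAFE-STRING.
    if isinstance(value, bytes):
        return _fold(f"{name}:: {base64.b64encode(value).decode('ascii')}")
    if _needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return _fold(f"{name}:: {encoded}")
    return _fold(f"{name}: {value}")

def cert_modify_ldif(dn: str, der: bytes) -> str:
    # userCertificate;binary carries raw DER; PEM text pasted here is a common
    # mistake, so reject anything that does not start with an ASN.1 SEQUENCE.
    if not der or der[0] != 0x30:
        raise ValueError("expected DER (first byte 0x30), not PEM text")
    return "\n".join([
        _attr_line("dn", dn),
        "changetype: modify",
        "add: userCertificate;binary",
        _attr_line("userCertificate;binary", der),
        "-",
        "",
    ])

def unfold(ldif: str) -> str:
    # Reverse of _fold, useful for checking a generated record.
    return ldif.replace("\n ", "")

if __name__ == "__main__":
    sample_der = b"\x30\x82\x01\x00" + bytes(range(256))  # constructed, not a real cert
    print(cert_modify_ldif("CN=Gipsz Jakab+mail=user@domain", sample_der))
```

The output can be saved to a file and passed to ldapmodify with `-f`.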