Hi lambam,

I am trying to do LDAP client certificate mapping. I have given an insight into my configuration.

My certmap.conf file:

certmap example ou=employees,o=us.com   <-- this is the DN of the CA issuer
example:verifycert on
example:DNComps cn,email,roomNumber
example:FilterComps l,email,uid,telephoneNumber
example:CmapLdapAttr certSubjectDN

Generation of CA cert:

certutil -S -n "CertCA" -s "ou=employees,o=us.com" -x -t "CT,," -m 1000 -v 120 -d <path/to/instance cert db> -z noise.txt -f pwdfile.txt

Is this correct? I assume ou=employees,o=us.com is my CA cert issuer, so I am using it as the issuerDN value in certmap.conf.

Creating the client certificate:

certutil -S -n "certuser" -s "cn=certuser,ou=employees,o=us.com" -c "CertCA" -t "u,u,u" -m 1003 -v 120 -d <path/to/instance cert db> -z noise.txt -f pwdfile.txt

and adding the userCertificate;binary attribute to that user entry, after creating the binary certificate:

certutil -L -d <instance-path> -n "certuser" -r > usercert.bin

When I try to ldapsearch:

ldapsearch -h myhost -p 636 -Z -P /etc/opt/dirsrv/slapd-<instance>/cert8.db -N "certuser" -K /etc/opt/dirsrv/slapd-<instance>/key3.db -W "password" -b "o=us.com" cn=certuser

ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: client certificate mapping failed

But when I change the issuerDN in the certmap.conf file to whatever DN (even if it is non-existing and invalid) I get the search result properly. But the criterion is that the issuerDN in certmap.conf should be exactly the same DN that issued the CA certificate. The problem is that whenever I use the correct issuerDN in the first line of the certmap.conf file I get the error.

I am totally confused. Can somebody help me to get rid of this problem?

Thanks in advance,
Neuron Ring.


Hello Neuron Ring.

Certificate to LDAP Mapping:
http://www.redhat.com/docs/manuals/dir-server/pdf/console60.pdf
Page 198 ish.

API:
----
From page 201 of the above guide:

< You can use the Certificate Mapping API to create your own properties. For
< information on using the Certificate Mapping API, see "Certificate Mapping SDKs"
< at the following URL

- which is followed by a defunct link. Try here, rather:
http://www.redhat.com/docs/manuals/cert-system/sdk/7.1/

I hope this helps, laters. I'll keep an eye out for further questions along this line.

--------------------------------------------------------------------------------
Date: Tue, 24 Mar 2009 17:51:50 +0530
From: neuronring at gmail.com
To: fedora-directory-users at redhat.com
Subject: Certificate to LDAP Mapping API

Hi all,

I need to use the "Certificate to LDAP Mapping" functionality. The README file in the source ldapserver/lib/ldaputil/examples path suggests:

Refer to the "Certificate to LDAP Mapping API" documentation to find out about the various API functions and how you can write your plug-in. And also refer to the "Managing servers" manual.

But I couldn't get those documents. How can I write my own plug-in for LDAP Mapping? Or what can I do with the certmap.conf file to configure Certificate to LDAP Mapping? Can somebody provide a link to that document or explain what Certificate to LDAP Mapping is?

Thanks in advance,
Neuron Ring.
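An added example (mine, not code from this thread or from 389/Red Hat Directory Server): a Python model of how a certmap.conf entry like the "example" one in the first message turns a client certificate's issuer and subject DN into the LDAP searches the server runs before it will accept the bind. It follows the documented behaviour as I understand it, which is an assumption: the issuer DN selects the entry (otherwise `default`); CmapLdapAttr, when set, is tried first as an exact subject-DN lookup over the whole tree; DNComps absent means the whole subject DN is the base and present means only the listed components; FilterComps builds the filter, falling back to (objectclass=*); attribute-name translation (email to mail) and the verifycert comparison are not modelled.

```python
from typing import Dict, List, Tuple
def parse_dn(dn: str) -> List[Tuple[str, str]]:
    # 'cn=certuser, ou=employees,o=us.com' -> [('cn', 'certuser'), ...]; no escaped commas
    return [(a.strip().lower(), v.strip()) for a, _, v in (r.partition("=") for r in dn.split(","))]

def join_dn(pairs: List[Tuple[str, str]]) -> str:
    return ",".join(f"{a}={v}" for a, v in pairs)

def parse_certmap(text: str) -> Dict[str, dict]:
    """certmap.conf -> {name: {'issuer': normalised issuer DN, 'props': {property: value}}}."""
    maps: Dict[str, dict] = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("certmap "):
            _, name, issuer = line.split(None, 2)
            maps[name] = {"issuer": join_dn(parse_dn(issuer)).lower(), "props": {}}
        else:  # "<name>:<Property> <value>"; a property given with no value is stored as ""
            key, _, value = line.partition(" ")
            name, _, prop = key.partition(":")
            maps[name]["props"][prop.lower()] = value.strip()
    return maps

def resolve(maps: Dict[str, dict], issuer_dn: str, subject_dn: str) -> List[Tuple[str, str]]:
    """(base DN, filter) searches the server would try, in order, for this certificate."""
    issuer = join_dn(parse_dn(issuer_dn)).lower()
    entry = next((m for m in maps.values() if m["issuer"] == issuer), maps.get("default"))
    if entry is None:
        raise ValueError("no certmap entry matches the issuer and there is no default")
    props, subject = entry["props"], parse_dn(subject_dn)
    def comps(prop: str) -> List[str]:
        return [c.strip().lower() for c in props.get(prop, "").split(",") if c.strip()]
    searches = []
    if props.get("cmapldapattr"):  # first try: exact subject-DN lookup over the whole tree
        searches.append(("", f"({props['cmapldapattr']}={join_dn(subject)})"))
    if "dncomps" not in props:     # property absent: the whole subject DN is the search base
        base = join_dn(subject)
    else:                          # present: only the listed subject components (none -> root)
        base = join_dn([(a, v) for a, v in subject if a in comps("dncomps")])
    terms = [f"({a}={v})" for a, v in subject if a in comps("filtercomps")]
    flt = "(objectclass=*)" if not terms else terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"
    searches.append((base, flt))
    return searches
# Constructed input: the thread's "example" entry plus a catch-all default entry (assumed).
CERTMAP = """certmap example ou=employees,o=us.com
example:verifycert on
example:DNComps cn,email,roomNumber
example:FilterComps l,email,uid,telephoneNumber
example:CmapLdapAttr certSubjectDN
certmap default default"""
```

Under these modelled rules, a certificate from the matching issuer with subject cn=certuser,ou=employees,o=us.com first needs an entry carrying certSubjectDN, and otherwise falls back to a search based at just cn=certuser (the only DNComps component the subject has), while a certificate from a non-matching issuer falls to the default entry and searches beneath the full subject DN.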