Re: [Fedora-directory-devel] Cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Neil Lane wrote:


Is there any way to install a trusted CA through the commandline???
Yes, using the certutil command - see here - http://directory.fedora.redhat.com/wiki/Howto:SSL#Import_the_CA_cert_into_another_Fedora_DS
If you want slapd-instance to know and trust the CA with the CA cert stored in ascii format (base64 encoded) in a file called cacert.asc: 

cd /opt/fedora-ds/alias

../shared/bin/certutil -A -d . -P slapd-instance- -n "CA certificate" -t "CT,," -a -i cacert.asc

You'll need to shutdown slapd-instance before you do this.  The -t argument sets the trust flags, and the CT means the cert you're importing is a trusted CA cert.



I am having major issues with starting the admin console, logging in and
modifying entries as the user I log in as.
What user are you logging in as, and what entries are you having trouble modifying? 


I have had a look through the ldapmodify docs but no joy yet.

Any Ideas???






-----Original Message-----
From: fedora-directory-devel-bounces@xxxxxxxxxx
[mailto:fedora-directory-devel-bounces@xxxxxxxxxx] On Behalf Of Richard
Megginson
Sent: 30 January 2006 07:27 PM
To: Fedora Directory server developer discussion.
Subject: Re: [Fedora-directory-devel] Cert

Neil Lane wrote:


HI All

I am in the process of writing a custom login module using LDAP.

I am attempting to use a cert (PKCS12 Cert) for the users "password".
I would like to load the cert from a keystore and validate it against the LDAP entries userPKCS12 attribute.
Please can someone let me know if this is possible and then let me know how this may be achieved. 

Any assistance would be appreciated.
Fedora DS supports client certificate based authentication, so I'm not sure why you need to do something similar. 
See http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1053102
and
http://directory.fedora.redhat.com/wiki/Howto:CertMapping


Thanks

Neil Lane

------------------------------------------------------------------------

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel





--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux