NAME
cert2ldap - import a certificate into an LDAP server
SYNOPSIS
cert2ldap [ options ] [ certificatefile ]
OPTIONS
-h hostname
    connect to the LDAP server hostname.
-p port
    use port port instead of the default LDAP port 389.
-i
    store the issuer distinguished name of the certificate in the
    directory.
-s
    store the subject distinguished name of the certificate in the
    directory.
-c
    store the certificate itself, in binary (DER) form, in the
    directory.
-n
    store the serial number of the certificate in the directory.
-d
    increase the debug level.
-D targetdn
    add all the attributes selected by the options above to the entry
    with distinguished name targetdn.
-b binddn
    bind to the directory as the user binddn.
-w password
    use password to bind to the directory. A password given on the
    command line is visible to other users of the host in the process
    list, so prefer a bind user whose rights are limited to the entries
    cert2ldap has to modify.
-o owner
    create a certificate mapping entry that names owner (a
    distinguished name) as the owner of the certificate.
-V version
    use LDAP protocol version version when connecting to the server.
-B
    use the "userCertificate;binary" attribute description for the
    update instead of plain "userCertificate". Some servers require
    this, others accept either form; check what your server's schema
    expects before importing many certificates.
DESCRIPTION
Cert2ldap imports a certificate into an LDAP directory in such a way
that the mod_authz_ldap Apache module can authenticate and authorize
users based on their certificates. The certificate is either given as
the certificatefile argument on the command line or read from standard
input. There are essentially two ways to use the program: either the
certificate is added as a userCertificate attribute to the user's own
entry, or a certificate mapping entry is added somewhere else in the
directory, referencing the user.
The second form is selected as soon as one of the options
-i, -s, -o or -n is used. The first form uses only the -c
option. Whether the resulting entries are set up correctly can be
checked with the certfind(1) program.
If the entry to be updated does not exist yet, a minimal entry is
created. This is only marginally useful for the entry that is to hold
the certificate itself, since such a minimal entry carries none of the
other attributes of a user.
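The following Python script is an added example and not part of cert2ldap or mod_authz_ldap. It writes out the LDIF that corresponds to the two update forms described above, so that the result can be reviewed (or loaded with ldapadd/ldapmodify, or compared with what ldapsearch returns) before a live directory is touched. The mode selection follows the rule stated above (-i, -s, -o or -n select the mapping form, -c alone the user-entry form). The certificate bytes are a constructed stand-in, not a real DER certificate. For the mapping entry, only the owner attribute is standard LDAP; the objectClass authzLDAPmap and the attributes issuerDN, subjectDN and serialNumber are assumptions made for illustration, since the page does not name the schema the mapping entry uses.

```python
"""Build the LDIF equivalent of cert2ldap's two update forms (added example)."""
import base64

# Constructed stand-in for a DER-encoded certificate; not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(range(64))

MAPPING_OPTIONS = {"-i", "-s", "-o", "-n"}


def update_mode(options):
    """Which of the two forms a given set of options selects.

    Mirrors the rule from the DESCRIPTION: any of -i/-s/-o/-n means a
    separate mapping entry; -c on its own means the user's own entry.
    """
    if MAPPING_OPTIONS & set(options):
        return "mapping"
    if "-c" in options:
        return "user-entry"
    raise ValueError("nothing to store: give -c, or one of -i/-s/-o/-n")


def _fold(line, width=76):
    """Fold a long LDIF line; continuation lines start with one space (RFC 2849)."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def certificate_entry_ldif(user_dn, der, binary_option=False):
    """First form (-c): attach the certificate to the user's own entry.

    binary_option mirrors -B: use 'userCertificate;binary' instead of
    plain 'userCertificate'.  A binary value is base64-encoded and
    introduced by '::' in LDIF.
    """
    attr = "userCertificate;binary" if binary_option else "userCertificate"
    value = base64.b64encode(der).decode("ascii")
    lines = [
        "dn: " + user_dn,
        "changetype: modify",
        "add: " + attr,
        _fold(attr + ":: " + value),
        "-",
    ]
    return "\n".join(lines) + "\n"


def mapping_entry_ldif(target_dn, owner_dn, issuer=None, subject=None, serial=None):
    """Second form (-o/-i/-s/-n): a mapping entry at target_dn pointing at the owner.

    'owner' is the standard LDAP attribute; the objectClass and the other
    attribute names here are assumptions, not mod_authz_ldap's schema.
    """
    lines = [
        "dn: " + target_dn,
        "objectClass: top",
        "objectClass: authzLDAPmap",   # assumed name
        "owner: " + owner_dn,
    ]
    if issuer is not None:
        lines.append("issuerDN: " + issuer)       # assumed name, from -i
    if subject is not None:
        lines.append("subjectDN: " + subject)     # assumed name, from -s
    if serial is not None:
        lines.append("serialNumber: " + str(serial))  # assumed name, from -n
    return "\n".join(lines) + "\n"


def extract_certificate(ldif):
    """Unfold LDIF and decode the userCertificate value back to DER bytes.

    Useful for checking what ldapsearch -LLL returns against the file
    that was imported.
    """
    unfolded = ldif.replace("\n ", "")
    for line in unfolded.splitlines():
        if line.startswith("userCertificate"):
            _, b64 = line.split(":: ", 1)
            return base64.b64decode(b64)
    raise ValueError("no userCertificate attribute found")


if __name__ == "__main__":
    user = "uid=alice,ou=people,dc=example,dc=com"
    print(certificate_entry_ldif(user, SAMPLE_DER, binary_option=True))
    print(mapping_entry_ldif(
        "cn=alice-cert,ou=certmap,dc=example,dc=com", user,
        issuer="CN=Example CA,O=Example,C=CH",
        subject="CN=Alice,O=Example,C=CH", serial=4096))
```

Round-tripping the generated user-entry LDIF through extract_certificate is the cheap way to confirm that the base64 folding did not corrupt the certificate; the same function applied to ldapsearch output confirms the server stored exactly the bytes that were sent.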
SEE ALSO
certfind(1)
AUTHOR
Andreas F. Mueller <andreas.mueller@othello.ch>