Mario Caspari wrote:
Hello All,

some weeks ago I wrote a posting, how Microsoft Mail Clients can access
[...]
So here’s the question: what’s the best way to provide the ldap directory entries to the users and how it can be implemented? Also how the certificates can be made downloadable via ldap?

Hi Mario,

the problem with LDAP is that it is so flexible you can store practically
everything in there, the point is where? There are multiple ways to do
things and this is one problem.

One thing I did not understand is if you manage the LDAP or you are accessing
an LDAP which is run by other people... if this, try to check with them the
schema used for the entries.
Certificates are usually stored in the "userCertificate" attribute of the
entry, which is enabled in the inetOrgPerson (or pkiUser if you use the
OpenCA schema) objectClass.

An example of an initial LDIF file for your LDAP could look like:

dn: o=OpenCA Organization, c=IT
objectClass: top
objectClass: organization
o: OpenCA Organization

dn: cn=Mario Caspari, o=OpenCA Organization, c=IT
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Mario Caspari
sn: Caspari
userCertificate;binary:: ewrwerWERweRWERWERerwr ...

This is not an exhaustive guide, but a start... you should check with
the IE and LDAP documentation to get more info on how to set up and
configure properly the LDAP for your needs.

Let me know, anyway, if you need additional help.

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]      [EMAIL PROTECTED]
                                                Tel.:   +39 (0)11  564 7081
http://security.polito.it                       Fax:    +39   178  270 2077
                                                Mobile: +39 (0)347 7222 365

Politecnico di Torino (EuroPKI)
Certification Authority Informations:

Authority Access Point                                  http://ca.polito.it
Authority's Certificate:          http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List:              http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------
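
Added example, not part of the original message or of OpenCA: one way to generate the LDIF entry described above from a DER-encoded certificate, with base64 (`::`) values and RFC 2849 line folding, plus a reader that unfolds and decodes it again. The function names, the DN and `SAMPLE_DER` (constructed filler bytes, not a real certificate) are assumptions.

```python
import base64
import re

WIDTH = 76  # fold column used here; RFC 2849 continuation lines start with one space

# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, must not start with space, ':' or '<'
SAFE = re.compile(r"(?:[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*)?")

# Constructed sample: a DER SEQUENCE header plus filler, NOT a real certificate
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def attr_line(name, value):
    """Return 'name: value' for safe strings, 'name:: base64' for anything else."""
    if isinstance(value, str):
        if SAFE.fullmatch(value) and not value.endswith(" "):
            return f"{name}: {value}"
        value = value.encode("utf-8")
    return f"{name}:: {base64.b64encode(value).decode('ascii')}"


def fold(line, width=WIDTH):
    """Fold one logical LDIF line so no physical line exceeds `width`."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def cert_entry_ldif(dn, cn, sn, der_cert):
    """Build an inetOrgPerson entry with the certificate in userCertificate;binary."""
    attrs = [("dn", dn), ("objectClass", "top"), ("objectClass", "person"),
             ("objectClass", "inetOrgPerson"), ("cn", cn), ("sn", sn),
             ("userCertificate;binary", der_cert)]
    return "\n".join(fold(attr_line(n, v)) for n, v in attrs) + "\n"


def read_attr(ldif, attr):
    """Unfold the LDIF text and return the decoded bytes of a base64 attribute."""
    for line in ldif.replace("\n ", "").splitlines():
        name, sep, value = line.partition(":: ")
        if sep and name.lower() == attr.lower():
            return base64.b64decode(value, validate=True)
    return None


if __name__ == "__main__":
    print(cert_entry_ldif("cn=Mario Caspari,o=OpenCA Organization,c=IT",
                          "Mario Caspari", "Caspari", SAMPLE_DER), end="")
```

The output can be loaded with a standard LDIF import tool; comparing `read_attr()` against the original DER bytes is a quick check that the published certificate survived encoding intact.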
