CERT2LDAP(L)CERT2LDAP(L)NAMEcert2ldap - import a certificate into an LDAP server
SYNOPSIScert2ldap [ options ] [ certificatefile ]
connect to server hostname.
-pport use port port instead of the usual LDAP port 389.
-i store the issuer distinguished name of the certificate in the
-s store the subject distinguished name of the certificate in the
-c store the certificate in binary form in the directory.
-n store the serial number of the certificate in the directory.
-d increase debug level.
add all the attributes specified to the entry with distinguished
bind as user binddn to the directory.
use password to bind to the directory.
create a certificate mapping entry that specifies owner as the
owner of the certificate.
use LDAP protocol version version to connect to the server.
-B use "userCertifiate;binary" format for update, some servers seem
to require this, others are happy without.
Cert2ldap is used to import a certificate into an LDAP directory in
such a as to allow the mod_authz_ldap Apache module to authenticate and
authorize users based on their certificates. The certificate is either
specified as a certificatefilename argument on the command line or read
from standard input. There are essentially two ways to use the pro‐
gram: either a certificate is added as a userCertifcate attribute to a
users node, or a certificate mapping node is added somewhere else in
the directory, referencing the user.
The second form is active as soon as one if the options -i, -s, -o or
-n are used. The first form uses only the -c option. The correct con‐
figuration of the entires can be checked using the certfind(1) program.
If the node to be updated does not exist yet, a minimal node is cre‐
ated. However this is only marginally useful in the case of a node
containing the certificate proper.
Andreas F. Mueller <firstname.lastname@example.org>
MOD_AUTHZ_LDAP 21/04/01 CERT2LDAP(L)