Neil Lane wrote:
Is there any way to install a trusted CA through the commandline???
Yes, using the certutil command - see here -
http://directory.fedora.redhat.com/wiki/Howto:SSL#Import_the_CA_cert_into...
If you want slapd-instance to know and trust the CA with the CA cert
stored in ascii format (base64 encoded) in a file called cacert.asc:
cd /opt/fedora-ds/alias
../shared/bin/certutil -A -d . -P slapd-instance- -n "CA certificate" -t
"CT,," -a -i cacert.asc
You'll need to shutdown slapd-instance before you do this. The -t argument sets the
trust flags, and the CT means the cert you're importing is a trusted CA cert.
I am having major issues with starting the admin console, logging in and
modifying entries as the user I log in as.
What user are you logging in as, and what entries are you having trouble
modifying?
I have had a look through the ldapmodify docs but no joy yet.
Any Ideas???
-----Original Message-----
From: fedora-directory-devel-bounces(a)redhat.com
[mailto:fedora-directory-devel-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: 30 January 2006 07:27 PM
To: Fedora Directory server developer discussion.
Subject: Re: [Fedora-directory-devel] Cert
Neil Lane wrote:
>HI All
>
>I am in the process of writing a custom login module using LDAP.
>
>I am attempting to use a cert (PKCS12 Cert) for the users "password".
>
>I would like to load the cert from a keystore and validate it against
>the LDAP entries userPKCS12 attribute.
>
>Please can someone let me know if this is possible and then let me
>know how this may be achieved.
>
>Any assistance would be appreciated.
>
>
>
Fedora DS supports client certificate based authentication, so I'm not
sure why you need to do something similar.
See
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1053102
and
http://directory.fedora.redhat.com/wiki/Howto:CertMapping
>Thanks
>
>Neil Lane
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-devel mailing list
>Fedora-directory-devel(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
>
>
>
--
Fedora-directory-devel mailing list
Fedora-directory-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-devel