Reputation: 7243
Adding certificate in userSMIMECertificate attribute of inetOrgPerson
I'm going to publish a certificate for my email using LDAP. I already have a LDAP up and running (AD LDS) on windows 2012. I'm going to add records using ldif file.
Here its contents
dc: dc=mysubdomain,dc=mydomain,dc=com
dn: dc=mysubdomain,dc=mydomain,dc=com
objectClass: top
objectClass: domain
dc: mydomain
dc: mysubdomain
description: Some root stuff
dn: ou=mysubdomaincertificates,dc=mysubdomain,dc=mydomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: mysubdomaincertificates
dn: [email protected],ou=mysubdomaincertificates,dc=mysubdomain,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Test Test
sn: Test
Mail: [email protected]
userSMIMECertificate: #<What to put?>
I'm stuck in compiling my ldif file. As I understand, I need to put some binary encoded in Base64 with some prefix {CERT} or something.
My questions are
- Will this ldif file make modifications into the directory?
- Do I have problems except
userSMIMECertificatefield?- For example I'm using dc twice in the domain object, is it ok?
- Am I missing some other important line?
- What is exact syntax of putting certificate content in the
userSMIMECertificate? (I've made a search, but could not find the examples)
Upvotes: 2
Views: 2621
Answers (2)
Reputation: 4243
As a useful supplement to the existing answer from Terry Gardner
To avoid that your ldif depends on an external file, you might want to specify the userSMIMECertificate in such a way:
userSMIMECertificate:: Q29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsKCWZpbGVuY
W1lPXNtaW1lLnA3cwpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3BrY3M3LXNpZ25hdHVyZTsK
[...]
This is basically the base64-encoded file contents.
In order to get rid of file dependencies, it's easiest to import the ldif with the file dependencies, then export the object to a new ldif. The export should create above format.
Upvotes: 0
Reputation: 11134
Here is your LDIF with the appropriate changes:
dn: dc=mysubdomain,dc=mydomain,dc=com
changetype: add
objectClass: top
objectClass: domain
dc: mysubdomain
description: Some root stuff
dn: ou=mysubdomaincertificates,dc=mysubdomain,dc=mydomain,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: mysubdomaincertificates
description: Provide some descriptive text here.
dn: [email protected],ou=mysubdomaincertificates,dc=mysubdomain,dc=mydomain,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Test Test
sn: Test
Mail: [email protected]
userSMIMECertificate: file:///path-cert-file
Upvotes: 2
Related Questions
- LDAP search user based on certificate in Linux command line
- How to configure SSL in Spring LDAP?
- PrincipalContext LDAPS Self-Signed Certificate
- how to get ssl certificate for ldap/Active directory
- Bind to Active Directory via SSL using unbound id
- Adding Data to X509 certificate
- Using jndi connect LDAP in SSL mode ,how to program client certificate in java code?
- How to add user membership using LDIF?
- spring-security : Using user's certificate to authenticate against LDAP
- How can I search for a user based on a Certificate in LDAP?