directory-users mailing list archives

From Kiran Ayyagari <ayyagariki...@gmail.com>
Subject Re: [ApacheDS]
Date Sat, 27 Sep 2008 08:50:18 GMT

Hi Sarah,

You can store digital certificates in ApacheDS. There is an object class named 'tlsKeyInfo' which you can use for storing the public/private keys along with the algorithm and format details.

Here is the schema snippet for your quick reference. The complete apache.schema can be seen at http://xuumo.notlong.com

# =============================================
# SSL/TLS Key Management for LDAPS and StartTLS 
# =============================================

attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.38
    NAME 'privateKeyFormat'
    DESC 'The format of the private key used for TLS'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.41
    NAME 'publicKeyFormat'
    DESC 'The format of the public key used for TLS'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.39
    NAME 'keyAlgorithm'
    DESC 'The algorithm used for the key/pair used by the server for TLS'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.40
    NAME 'privateKey'
    DESC 'The private key material used for TLS'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.42
    NAME 'publicKey'
    DESC 'The public key material used for TLS'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.18060.0.4.1.3.11
    NAME 'tlsKeyInfo'
    SUP top
    AUXILIARY
    MUST ( privateKeyFormat $ keyAlgorithm $ privateKey $
           publicKeyFormat $ publicKey ) )

# =================================================
# END SSL/TLS Key Management for LDAPS and StartTLS
# =================================================
 
HTH
Kiran Ayyagari

Sarah kho wrote:
> Hi
>
> I saw that "RFC 4523 Lightweight Directory Access Protocol (LDAP) Schema
> Definitions for X.509 Certificates" is not supported by ApacheDS.
>
> Can someone please explain whether it is possible to use ApacheDS to store
> users' digital certificates along with other information?
>
> Thanks.
>
>   
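
Added example (not part of the original message and not ApacheDS code): a Python check that parses the schema definitions from the reply above and reports whether an entry carries every MUST attribute of tlsKeyInfo with the declared syntax and cardinality. The function names, the sample entry and its values are assumptions for illustration; syntax OIDs ...121.1.26 and ...121.1.5 are the standard IA5 String and Binary syntaxes.

```python
import re

# Definitions condensed from the schema in the message (DESC/EQUALITY dropped).
SCHEMA = """
attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.38 NAME 'privateKeyFormat'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.41 NAME 'publicKeyFormat'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.39 NAME 'keyAlgorithm'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.40 NAME 'privateKey'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.42 NAME 'publicKey'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.18060.0.4.1.3.11 NAME 'tlsKeyInfo' SUP top AUXILIARY
    MUST ( privateKeyFormat $ keyAlgorithm $ privateKey $
           publicKeyFormat $ publicKey ) )
"""
IA5, BINARY = "1.3.6.1.4.1.1466.115.121.1.26", "1.3.6.1.4.1.1466.115.121.1.5"
# Constructed sample entry; the key bytes are placeholders, not real key material.
SAMPLE = {"keyAlgorithm": ["RSA"], "privateKeyFormat": ["PKCS#8"],
          "publicKeyFormat": ["X.509"], "privateKey": [b"\x30\x82"], "publicKey": [b"\x30\x82"]}

def parse_schema(text):
    """Return ({attr: (syntax_oid, single_valued)}, {objectclass: [MUST attrs]})."""
    attrs, classes = {}, {}
    for m in re.finditer(r"attributetype \(.*?NAME '(\w+)'.*?SYNTAX (\S+)( SINGLE-VALUE)?", text, re.S):
        attrs[m.group(1)] = (m.group(2), m.group(3) is not None)
    for m in re.finditer(r"objectclass \(.*?NAME '(\w+)'.*?MUST \(([^)]*)\)", text, re.S):
        classes[m.group(1)] = [a.strip() for a in m.group(2).split("$")]
    return attrs, classes

def check_entry(entry, oc, schema=SCHEMA):
    """List schema violations for entry ({attr: [values]}) against object class oc."""
    attrs, classes = parse_schema(schema)
    problems = []
    for name in classes[oc]:
        values = entry.get(name, [])
        syntax, single = attrs[name]
        if not values:
            problems.append(f"missing MUST attribute {name}")
        if single and len(values) > 1:
            problems.append(f"{name} is SINGLE-VALUE but has {len(values)} values")
        for v in values:
            if syntax == IA5 and not (isinstance(v, str) and v.isascii()):
                problems.append(f"{name} must be an IA5 (ASCII) string")
            if syntax == BINARY and not isinstance(v, bytes):
                problems.append(f"{name} must be binary (bytes)")
    return problems
```

Because tlsKeyInfo lists all five attributes under MUST, an entry that adds this auxiliary class has to carry both halves of the key pair, and check_entry reports any that are missing before the add is attempted.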
