cert2ldap



CERT2LDAP(L)                                                      CERT2LDAP(L)




NAME

       cert2ldap - import a certificate into an LDAP server


SYNOPSIS

       cert2ldap [ options ] [ certificatefile ]


OPTIONS

       -hhostname
              connect to server hostname.

       -pport use port port instead of the usual LDAP port 389.

       -i     store  the  issuer  distinguished name of the certificate in the
              directory.

       -s     store the subject distinguished name of the certificate  in  the
              directory.

       -c     store the certificate in binary form in the directory.

       -n     store the serial number of the certificate in the directory.

       -d     increase debug level.

       -Dtargetdn
              add all the attributes specified to the entry with distinguished
              name targetdn.

       -bbinddn
              bind as user binddn to the directory.

       -wpassword
              use password to bind to the directory.

       -oowner
              create a certificate mapping entry that specifies owner  as  the
              owner of the certificate.

       -Vversion
              use LDAP protocol version version to connect to the server.

       -B     use "userCertifiate;binary" format for update, some servers seem
              to require this, others are happy without.



DESCRIPTION

       Cert2ldap is used to import a certificate into  an  LDAP  directory  in
       such a as to allow the mod_authz_ldap Apache module to authenticate and
       authorize users based on their certificates.  The certificate is either
       specified as a certificatefilename argument on the command line or read
       from standard input.  There are essentially two ways to  use  the  pro-
       gram:  either a certificate is added as a userCertifcate attribute to a
       users node, or a certificate mapping node is added  somewhere  else  in
       the directory, referencing the user.

       The  second  form is active as soon as one if the options -i, -s, -o or
       -n are used. The first form uses only the -c option. The  correct  con-
       figuration of the entires can be checked using the certfind(1) program.

       If the node to be updated does not exist yet, a minimal  node  is  cre-
       ated.   However  this  is  only marginally useful in the case of a node
       containing the certificate proper.


SEE ALSO

       certfind(1)



AUTHOR

       Andreas F. Mueller <andreas.mueller@othello.ch>




MOD_AUTHZ_LDAP                     21/04/01                       CERT2LDAP(L)

Man(1) output converted with man2html