I am trying to do LDAP client certificate mapping. I have given an insight into
my certmap.conf file:
certmap example ou=employees,o=us.com   <-- this is the DN of the
Generation of the CA cert:
certutil -S -n "CertCA" -s "ou= employees,o= us.com" -x -t "CT,," -m 1000 -v 120 -d <path/to/instance cert db> -z noise.txt -f pwdfile.txt
Is this correct?
I assume ou=employees,o=us.com is my CA cert issuer, so I am using it as the
issuerDN value in certmap.conf.
Creating the client certificate:
certutil -S -n "certuser" -s "cn=certuser, ou=employees,o=us.com" -c "CertCA" -t "u,u,u" -m 1003 -v 120 -d <path/to/instance cert db> -z noise.txt -f pwdfile.txt
and adding the userCertificate;binary attribute to that user entry, after
creating the binary certificate:
certutil -L -d <instance-path> -n "certuser" -r > usercert.bin
When I try to ldapsearch:
ldapsearch -h myhost -p 636 -Z -P /etc/opt/dirsrv/slapd-<instance>/cert8.db -N "certuser" -K /etc/opt/dirsrv/slapd-<instance>/key3.db -W
ldap_sasl_bind: Invalid credentials
ldap_sasl_bind: additional info: client certificate mapping failed
But when I change the issuerDN in the certmap.conf file to any other DN (even
a non-existent, invalid one) I get the search result properly. But the
criterion is that the issuerDN in certmap.conf should be exactly the same DN
as the one that issued the CA certificate.
The problem is that whenever I use the correct issuerDN in the first line of
the certmap.conf file I get the error.
I am totally confused. Can somebody help me to get rid of this problem?
Thanks in advance,
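How the server chooses a certmap.conf entry, as an added example (Python; this is not code from 389/Fedora Directory Server or from anyone in this thread): the first line `certmap <name> <issuerDN>` is compared with the client certificate's issuer DN, and when no entry matches the request falls through to the `default` entry, whose DNComps/FilterComps then decide the base DN and filter of the lookup that has to return exactly one entry. That fall-through is why an invalid issuerDN can appear to "work" while the exact one does not: the two cases use different mapping properties. The sample certmap.conf, the properties given to the `example` entry, the case-insensitive DN comparison and the DNComps/FilterComps semantics below follow the Directory Server admin guide as I read it and are assumptions, not the server's source.

```python
"""Simulate certmap.conf entry selection and the LDAP search it produces.

Added example for this thread, not 389 Directory Server code. The DN
normalization, issuer matching and DNComps/FilterComps rules are my
reading of the admin guide (assumptions), kept deliberately simple.
"""
import re

# Constructed sample certmap.conf: the poster's first line, plus properties
# (assumed, not from the thread) and the stock default entry.
SAMPLE_CERTMAP = """\
# certmap <name> <issuerDN>; properties are <name>:<prop> <value>
certmap example ou=employees,o=us.com
example:DNComps     ou, o
example:FilterComps cn
example:verifycert  on

certmap default default
# default has no DNComps/FilterComps: whole subject DN is the base, filter objectclass=*
"""

# certmap attribute shorthand that differs from the LDAP attribute name
FILTER_ATTR = {"e": "mail"}


def parse_dn(dn):
    """Split an LDAP string DN into [(attr, value)] pairs, most specific first.
    Attribute names are lower-cased; whitespace around '=' and ',' is dropped;
    escaped commas (\\,) stay inside the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        if rdn.strip():
            attr, _, value = rdn.partition("=")
            pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def normalize_dn(dn):
    """Canonical 'attr=value,...' form used for comparisons."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(dn))


def parse_certmap(text):
    """Return {name: {"issuer": normalized issuerDN or "default", "props": {...}}}.
    Only whole-line '#' comments are recognised so DN values are left intact."""
    maps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("certmap "):
            _, name, issuer = line.split(None, 2)
            maps[name] = {"issuer": issuer if issuer == "default" else normalize_dn(issuer),
                          "props": {}}
        else:  # "<name>:<prop> <value>"; a missing value means "present but empty"
            name, _, rest = line.partition(":")
            prop, _, value = rest.partition(" ")
            entry = maps.setdefault(name, {"issuer": None, "props": {}})
            entry["props"][prop.strip().lower()] = value.strip()
    return maps


def select_mapping(maps, issuer_dn):
    """Entry whose issuerDN equals the cert's issuer (assumed case-insensitive,
    whitespace-insensitive); otherwise the 'default' entry."""
    wanted = normalize_dn(issuer_dn).lower()
    for name, entry in maps.items():
        if entry["issuer"] not in (None, "default") and entry["issuer"].lower() == wanted:
            return name
    return "default" if "default" in maps else None


def build_search(entry, subject_dn):
    """Derive (base DN, filter) from DNComps/FilterComps of the chosen entry:
    DNComps absent -> the entire subject DN is the base (a base-level lookup);
    DNComps present but empty -> base is the directory root "";
    FilterComps absent or empty -> (objectclass=*); 'e' maps to 'mail'."""
    subject = parse_dn(subject_dn)
    props = entry["props"]
    if "dncomps" not in props:
        base = normalize_dn(subject_dn)
    else:
        comps = [c.strip().lower() for c in props["dncomps"].split(",") if c.strip()]
        base = ",".join(f"{a}={v}" for a, v in subject if a in comps)
    fcomps = [c.strip().lower() for c in props.get("filtercomps", "").split(",") if c.strip()]
    terms = [f"({FILTER_ATTR.get(a, a)}={v})" for a, v in subject if a in fcomps]
    if not terms:
        flt = "(objectclass=*)"
    elif len(terms) == 1:
        flt = terms[0]
    else:
        flt = "(&" + "".join(terms) + ")"
    return base, flt


if __name__ == "__main__":
    maps = parse_certmap(SAMPLE_CERTMAP)
    subject = "cn=certuser,ou=employees,o=us.com"
    # Exact issuer hits 'example'; any other issuer silently falls to 'default'.
    for issuer in ("OU=employees, O=us.com", "cn=Some Other CA,o=elsewhere"):
        name = select_mapping(maps, issuer)
        base, flt = build_search(maps[name], subject)
        print(f"issuer {issuer!r} -> {name}: base={base!r} filter={flt}")
```

Run it as-is to see the two searches side by side; then put the issuer DN exactly as `certutil -L -n CertCA` prints it into `SAMPLE_CERTMAP` and the `example` properties you actually have, and check that the base and filter it derives point at the one entry holding the userCertificate attribute. If `verifycert on` is set, the DER in that attribute must also be byte-identical to the presented certificate.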
Hello Neron Ring.
Certificate to LDAP Mapping:
Page 198 ish.
From page 201 of the above guide:
< You can use the Certificate Mapping API to create your own properties. For
< information on using the Certificate Mapping API, see “Certificate Mapping
< at the following URL
- which is followed by a defunct link.
Try here, rather:
I hope this helps, laters. I'll keep an eye out for further questions
along this line.
Date: Tue, 24 Mar 2009 17:51:50 +0530
Subject: [Fedora-directory-users] Certificate to LDAP Mapping API
I need to use “Certificate to LDAP Mapping” functionality.
The README file in the source ldapserver/lib/ldaputil/examples path says to
refer to the "Certificate to LDAP Mapping API" documentation to find out about the
various API functions and how you can write your
and also to refer to the "Managing servers" manual. But I couldn't get those
documents. How can I write my own plug-in for LDAP Mapping?
Or what can I do with the certmap.conf file to configure Certificate to LDAP
Mapping? Can somebody provide a link to that document or explain
what Certificate to LDAP Mapping is?
Thanks in advance,