CERT2LDAP(L) CERT2LDAP(L)

NAME cert2ldap - import a certificate into an LDAP server

SYNOPSIS cert2ldap [ options ] [ certificatefile ]

OPTIONS -hhostname connect to server hostname.

-pport use port port instead of the usual LDAP port 389.

-i store the issuer distinguished name of the certificate in the directory.

-s store the subject distinguished name of the certificate in the directory.

-c store the certificate in binary form in the directory.

-n store the serial number of the certificate in the directory.

-d increase debug level.

-Dtargetdn add all the attributes specified to the entry with distinguished name targetdn.

-bbinddn bind as user binddn to the directory.

-wpassword use password to bind to the directory.

-oowner create a certificate mapping entry that specifies owner as the owner of the certificate.

-Vversion use LDAP protocol version version to connect to the server.

-B use "userCertifiate;binary" format for update, some servers seem to require this, others are happy without.

DESCRIPTION Cert2ldap is used to import a certificate into an LDAP directory in such a as to allow the mod_authz_ldap Apache module to authenticate and authorize users based on their certificates. The certificate is either specified as a certificatefilename argument on the command line or read from standard input. There are essentially two ways to use the pro- gram: either a certificate is added as a userCertifcate attribute to a users node, or a certificate mapping node is added somewhere else in the directory, referencing the user.

The second form is active as soon as one if the options -i, -s, -o or -n are used. The first form uses only the -c option. The correct con- figuration of the entires can be checked using the certfind(1) program.

If the node to be updated does not exist yet, a minimal node is cre- ated. However this is only marginally useful in the case of a node containing the certificate proper.