Red Hat CERTIFICATE SYSTEM 8.0 - MANAGING SMART CARDS WITH THE ENTERPRISE SECURITY CLIENT 1-23-2010 Manual page 48

Managing smart cards with the enterprise security client
Chapter 4. Using Security Officer Mode
TIP
It can be simpler to add and copy user entries in the LDAP database using the Red Hat Directory Server Console. Using the Directory Server Console is described more in the Red Hat Directory Server Administrator's Guide in Section 3.1.2, "Creating Directory Entries."
There are two subtrees associated with the TPS. One is used for external users and has a DN like dc=server, dc=example,dc=com; this subtree is used to authenticate any user attempting to enroll a smart card. The other subtree is used for internal TPS instance entries, including TPS agents, administrators, and security officers. This subtree has a DN like dc=server.example.com-pki-tps. The TUS Officers group entry is under the dc=server.example.com-pki-tps suffix.
Any security officer entry has to be a child entry of the TUS Officers group entry. This means that the group entry is the parent, and the user entry is directly beneath it in the directory tree. The TUS Officers group entry is cn=TUS Officers,ou=Groups,dc=server.example.com-pki-tps.
For example, to add the security officer entry using ldapmodify:
/usr/lib/mozldap/ldapmodify -a -D "cn=Directory Manager" -w secret -p 389 -h server.example.com
dn: uid=jsmith,cn=TUS Officers,ou=Groups, dc=server.example.com-pki-tps
objectclass: inetorgperson
objectclass: organizationalPerson
objectclass: person
objectclass: top
sn: smith
uid: jsmith
cn: John Smith
mail: jsmith@example.com
userPassword: secret
Hit Enter twice to send the entry, or hit Ctrl+D.
2. Check the TPS's security officer workstation to make sure it is pointing to the external user subtree DN to authenticate users who will enroll smart cards.
vim /var/lib/pki-tps/cgi-bin/sow/cfg.pl
#
# Feel free to modify the following parameters:
#
my $ldapHost = "localhost";
my $ldapPort = "389";
my $basedn = "ou=People,dc=server, dc=example,dc=com";
my $port = "7888";
my $secure_port = "7889";
my $host = "localhost";
Then, configure the Enterprise Security Client.
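The two requirements in this procedure (the officer entry must be a direct child of the TUS Officers group entry, and the $basedn in sow/cfg.pl must point at the external user subtree rather than the internal -pki-tps subtree) can be checked offline before the entry is pushed to the directory. The Python below is an added example, not part of the Red Hat manual; it assumes the manual's sample DNs and builds its LDIF and cfg.pl inputs from the snippets above as constructed samples.

```python
import re

# DNs from the manual's examples: the officer group entry, the external user
# suffix the workstation authenticates against, and the internal TPS suffix.
TUS_OFFICERS_DN = "cn=TUS Officers,ou=Groups,dc=server.example.com-pki-tps"
EXTERNAL_SUFFIX = "dc=server,dc=example,dc=com"
INTERNAL_SUFFIX = "dc=server.example.com-pki-tps"

# Constructed sample inputs, built from the manual's ldapmodify and cfg.pl snippets.
SAMPLE_LDIF = """dn: uid=jsmith,cn=TUS Officers,ou=Groups, dc=server.example.com-pki-tps
objectclass: inetorgperson
uid: jsmith
"""
SAMPLE_CFG_PL = """my $ldapHost = "localhost";
my $basedn = "ou=People,dc=server, dc=example,dc=com";
"""

def split_dn(dn):
    """Split a DN on unescaped commas into normalised RDNs: RFC 4514 allows whitespace
    after the separator (the manual writes 'ou=Groups, dc=...'), so strip it and
    lowercase the attribute type so that equal DNs compare equal."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip()}")
    return rdns

def officer_entry_is_valid(ldif, group_dn=TUS_OFFICERS_DN):
    """True only if the LDIF entry's DN sits directly beneath the group entry."""
    dn = next((line[3:].strip() for line in ldif.splitlines() if line.lower().startswith("dn:")), "")
    rdns = split_dn(dn)
    return len(rdns) > 1 and rdns[1:] == split_dn(group_dn)

def cfg_basedn(cfg_text):
    """Extract the $basedn string assigned in sow/cfg.pl."""
    m = re.search(r'^\s*my\s+\$basedn\s*=\s*"([^"]*)"\s*;', cfg_text, re.M)
    if not m:
        raise ValueError("no $basedn assignment found in cfg.pl")
    return m.group(1)

def under_suffix(dn, suffix):
    """True if dn equals suffix or lies somewhere beneath it."""
    d, s = split_dn(dn), split_dn(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def basedn_is_external(cfg_text):
    """The workstation must authenticate enrolling users against the external
    subtree, not the internal -pki-tps subtree that holds agents and officers."""
    dn = cfg_basedn(cfg_text)
    return under_suffix(dn, EXTERNAL_SUFFIX) and not under_suffix(dn, INTERNAL_SUFFIX)
```

Run the two checks over the LDIF you are about to feed to ldapmodify and the current cfg.pl; a False from either one means the officer will not be recognised or enrolling users will be looked up in the wrong subtree.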