Chapter 13. Certificate Profiles
b. Select Authentication in the left navigation tree.
c. In the Authentication Instance tab, click Add, and add an instance of the UidPwdDirAuth
authentication plug-in.
d. Set the information for the LDAP directory.
e. Set the LDAP attributes to populate.
f. Save the new plug-in instance.
For information on configuring the LDAP authentication modules, see Section 16.3.1, "Setting up Directory-Based Authentication".
2. When the new authentication plug-in is added, the corresponding parameters are added to the
CA's CS.cfg file. For example, this instance of the UidPwdDirAuth plug-in is set to populate the
mail attribute:
...
auths.instance.UserDirEnrollment.dnpattern=
auths.instance.UserDirEnrollment.ldapByteAttributes=
auths.instance.UserDirEnrollment.ldapStringAttributes=mail
auths.instance.UserDirEnrollment.pluginName=UidPwdDirAuth
auths.instance.UserDirEnrollment.ldap.basedn=dc=example,dc=com
auths.instance.UserDirEnrollment.ldap.maxConns=
auths.instance.UserDirEnrollment.ldap.minConns=
auths.instance.UserDirEnrollment.ldap.ldapconn.host=localhost
auths.instance.UserDirEnrollment.ldap.ldapconn.port=389
auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false
...
The ldapStringAttributes parameter instructs the authentication plug-in to read the value
of the mail attribute from the user's LDAP entry and put that value in the certificate request.
When the value is in the request, the certificate profile policy can be set to insert that value for an
extension value.
3. To enable the CA to insert the LDAP attribute value in the certificate extension, edit the profile's
configuration file, and insert a policy set parameter for an extension. For example, to insert the
mail attribute value in the Subject Alternative Name extension in the caDirUser profile, do the
following:
cd /var/lib/rhpki-ca/profiles
vi caDirUser.cfg
policyset.setID.8.default.params.subjAltExtPattern_0=$request.auth_token.mail[0]$
4. Restart the CA.
/etc/init.d/rhpki-ca restart
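The following is an added example, not code from Certificate System itself, that models the chain described in steps 2 to 4: the plug-in instance parameters in CS.cfg decide which LDAP attributes land in the request's auth token, and the profile's subjAltExtPattern_0 pattern then pulls one of those values into the Subject Alternative Name. The CS.cfg excerpt, the LDAP entry for the user and the function names are constructed for this illustration; the $request.auth_token.<attr>[<index>]$ syntax is the one shown in the chapter. It also runs two configuration checks an administrator would want before enabling the profile: the pattern must reference an attribute that ldapStringAttributes actually populates (otherwise the extension value is empty), and secureConn should be true so the user's password and attributes are not sent to the directory in clear text.

```python
import re

# Constructed excerpt of a CA CS.cfg, mirroring the keys shown in this chapter.
# Only the UserDirEnrollment instance is included; values are sample data.
SAMPLE_CS_CFG = """\
auths.instance.UserDirEnrollment.dnpattern=
auths.instance.UserDirEnrollment.ldapByteAttributes=
auths.instance.UserDirEnrollment.ldapStringAttributes=mail
auths.instance.UserDirEnrollment.pluginName=UidPwdDirAuth
auths.instance.UserDirEnrollment.ldap.basedn=dc=example,dc=com
auths.instance.UserDirEnrollment.ldap.maxConns=
auths.instance.UserDirEnrollment.ldap.minConns=
auths.instance.UserDirEnrollment.ldap.ldapconn.host=localhost
auths.instance.UserDirEnrollment.ldap.ldapconn.port=389
auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false
"""

# Constructed profile policy line, as in the caDirUser example above.
SAMPLE_PROFILE_LINE = (
    "policyset.setID.8.default.params.subjAltExtPattern_0="
    "$request.auth_token.mail[0]$"
)

# Constructed LDAP entry standing in for the enrolling user's directory entry.
SAMPLE_LDAP_ENTRY = {
    "uid": ["jsmith"],
    "mail": ["jsmith@example.com", "john.smith@example.com"],
    "cn": ["John Smith"],
}

# Matches $request.auth_token.<attribute>[<index>]$ references in a profile pattern.
TOKEN_REF = re.compile(r"\$request\.auth_token\.(\w+)\[(\d+)\]\$")


def parse_kv(text):
    """Parse key=value lines (CS.cfg style) into a dict; blank values are kept as ''."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        cfg[key.strip()] = value.strip()
    return cfg


def instance_settings(cfg, instance):
    """Return the settings of one auths.instance.<name> keyed by the parameter suffix."""
    prefix = f"auths.instance.{instance}."
    return {k[len(prefix):]: v for k, v in cfg.items() if k.startswith(prefix)}


def build_auth_token(settings, ldap_entry):
    """Model the plug-in behaviour: copy only the attributes listed in
    ldapStringAttributes from the user's entry into the request's auth token."""
    wanted = [a for a in settings.get("ldapStringAttributes", "").split(",") if a]
    return {attr: list(ldap_entry.get(attr, [])) for attr in wanted}


def resolve_pattern(pattern, auth_token):
    """Substitute each $request.auth_token.<attr>[<i>]$ reference with the token value.
    A reference to a missing attribute or index resolves to '' (empty extension value)."""
    def sub(match):
        attr, idx = match.group(1), int(match.group(2))
        values = auth_token.get(attr, [])
        return values[idx] if idx < len(values) else ""
    return TOKEN_REF.sub(sub, pattern)


def check_config(settings, pattern):
    """Sanity checks on the plug-in instance / profile pairing; returns a list of findings."""
    findings = []
    if settings.get("ldap.ldapconn.secureConn", "").lower() != "true":
        findings.append("LDAP connection is not TLS-protected (secureConn != true); "
                        "user passwords and attributes travel in clear text")
    listed = {a for a in settings.get("ldapStringAttributes", "").split(",") if a}
    for attr, _ in TOKEN_REF.findall(pattern):
        if attr not in listed:
            findings.append(f"profile references auth_token.{attr} but ldapStringAttributes "
                            f"does not include it; the extension value would be empty")
    return findings


if __name__ == "__main__":
    cfg = parse_kv(SAMPLE_CS_CFG)
    settings = instance_settings(cfg, "UserDirEnrollment")
    token = build_auth_token(settings, SAMPLE_LDAP_ENTRY)
    pattern = parse_kv(SAMPLE_PROFILE_LINE)[
        "policyset.setID.8.default.params.subjAltExtPattern_0"]
    print("auth token:", token)
    print("SAN value :", resolve_pattern(pattern, token))
    for finding in check_config(settings, pattern):
        print("finding   :", finding)
```

Run as-is it resolves the SAN to the first mail value and reports the clear-text LDAP connection from the sample configuration; changing the pattern to an attribute that is not in ldapStringAttributes shows why the extension would silently come out empty.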
For this example, certificates submitted through the caDirUser profile enrollment form will have the
Subject Alternative Name extension added with the value of the requester's mail LDAP attribute. For
example: