Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 184

17.2.7 Exporting CA Objects to LDAP
The executing computer should be configured with the YaST LDAP client for LDAP
export. This provides LDAP server information at runtime that can be used when
completing dialog fields. Otherwise, although export may be possible, all LDAP data
must be entered manually. You must always enter several passwords (see
"Passwords during LDAP Export"
Table 17.3
Password
LDAP Password
Certificate Password
New Certificate Password
Certificates, CAs, and CRLs can be exported to LDAP.
Exporting a CA to LDAP
To export a CA, enter the CA as described in
a Sub-CA"
which opens the dialog for entering LDAP data. If your system has been configured
with the YaST LDAP client, the fields are already partly completed. Otherwise,
enter all the data manually. Entries are made in LDAP in a separate tree with the
attribute "caCertificate".
Exporting a Certificate to LDAP
Enter the CA containing the certificate to export then select Certificates. Select the
required certificate from the certificate list in the upper part of the dialog and select
Export > Export to LDAP. The LDAP data is entered here in the same way as for
CAs. The certificate is saved with the corresponding user object in the LDAP tree
with the attributes "userCertificate" (PEM format) and "userPKCS12" (PKCS12
format).
172 Security Guide
(page 172)).
Passwords during LDAP Export
Meaning
Authorizes the user to make entries in the LDAP tree.
Authorizes the user to export the certificate.
The PKCS12 format is used during LDAP export.
This format forces the assignment of a new password
for the exported certificate.
(page 166). Select Extended > Export to LDAP in the subsequent dialog,
Section 17.2.3, "Creating or Revoking
Table 17.3,