Kós Tamás wrote:
2008/8/21 Michael Ströder michael@stroeder.com:
Kós Tamás wrote:
I want to achieve achieve two things. Extend DN (if possible) to mail+cn attributes
Try ldapmodrdn command-line tool: ldapmodrdn [options] "CN=Gipsz Jakab" "CN=Gipsz Jakab+mail=user@domain"
OK, thanks I will try it, but I'm afraid it will ruins the card authentication...
If you have X.509 certs issued and the subject-DNs MUST match the user's entry DN then you have more to think about in your infrastructure.
to use ldapmodify to add certificate for the user.
Use ldapmodify with LDIF like this:
------------------------ snip ------------------------ dn: CN=Gipsz Jakab changetype: modify add: userCertificate;binary userCertificate;binary:: [..base64-encoded binary DER data of certificate..]
------------------------ snip ------------------------
I tried it, but we could have more Gipsz Jakab, so that I want to use mail or uid attributes..
Yes, this was just an example. dn: can be followed by any valid DN.
I vaguely remember that Domino/LDAP can contain entries like
dn: CN=Gipsz Jakab,uid=blurb
for the same user entry. But this violates LDAPv3 standard.
Ciao, Michael.