I am working on a PKI project and would like to be able to use OpenLDAP;
however, the certificate policy that we have to conform to mandates that CA
entries be members of the pkiCA and cpCps auxiliary object classes. Now, the
pkiCA requirement is easy, as it looks like OpenLDAP supports that just
fine; however, I'm wondering if cpCps is able to be supported.
I guess my question is twofold:
Have the syntax checking routines mandated for the cpCps object class (I
presume out of ITU-T X.509 chapter 11) been implemented in OpenLDAP, and if
so, does anyone happen to have a schema file available so that I don't have
to write one myself to add this objectClass to OpenLDAP?
If not, is it possible to add these syntax checking routines in the same way
as one can extend the schema for object classes and attributes?
(I know that I could probably cheat, turn schema checking off and just
have the server support the attributes in a somewhat custom fashion, but
since this is for a PKI system that needs a certain level of trust, I am a
bit loath to do this.)
Thanks in advance.
Personal Mail from Patrick Patterson
No company affiliation