On 20.10.20 at 22:20, Howard Chu wrote:
Stefan Kania wrote:
But when I create a user or a server there is no certificate. In the manpage it said:
Certificates for users and servers are generated on demand using a Search request
The manpage says, exactly:
Certificates for users and servers are generated on demand using a Search request returning only the userCertificate;binary and userPrivateKey;binary attributes. Any Search for anything besides exactly these two attributes is ignored by the overlay.
That's what I did:
-------------------
root@ldap25:~# ldapsearch -x -LLL -D "cn=user1 ldap,ou=users,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "cn=user1 ldap"
Enter LDAP Password:
dn: cn=user1 ldap,ou=users,dc=example,dc=net
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/u1-ldap
uid: u1-ldap
uidNumber: 10000
gidNumber: 10000
sn: ldap
givenName: user1
userPassword:: e1NTSEF9L3lXMWxVUXdiVkNiTTNsdk1BK0VxQzhSdG9OUVV6Vlg=
cn: user1 ldap

root@ldap25:~# ldapsearch -x -LLL -D "cn=user1 ldap,ou=users,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "cn=user1 ldap" "userCertificate;binary" "userPrivateKey;binary"
Enter LDAP Password:
dn: cn=user1 ldap,ou=users,dc=example,dc=net
------------------
For the dc-Object it works:
------------------
root@ldap25:~# ldapsearch -x -LLL -D "cn=admin,dc=example,dc=net" -W -H ldap://ldap25 -b dc=example,dc=net "dc=example" "cACertificate;binary"
Enter LDAP Password:
dn: dc=example,dc=net
cACertificate;binary:: MIIFcDCCA1igAwIBAgIJAKh3GIChqUPoMA0GCSqGSIb3DQEBCwUAMC4
 ....
------------------