Re: Storage of Public Keys with LDAP
Antonin Novak wrote:
>
> Does anyone know whether it is possible to store public keys in LDAP?
Which kind of public keys?
X.509:
You can store CA certs, CRLs and client certs. On an LDAPv2 server (like
OpenLDAP 1.2.x) you have to extend the schema (see below). Netscape
Communicator and M$ IE 5+ should be able to retrieve client certs (e.g.
for use with S/MIME e-mails) from LDAP. Retrieving CA certs and CRLs
from LDAP is rather unusual... :-(
PGP:
IMHO there's also an RFC for storing PGP keys on LDAP servers. But I'm
not sure if there are implementations for that...
Ciao, Michael.
------------------------------- snip -------------------------------
attribute cACertificate;binary               bin
attribute authorityRevocationList;binary     bin
attribute certificateRevocationList;binary   bin
attribute crossCertificatePair;binary        bin
attribute userCertificate;binary             bin
attribute userSMIMECertificate;binary        bin

objectclass strongAuthenticationUser
        requires
                objectClass,
                userCertificate;binary
        allows
                userSMIMEcertificate;binary

objectclass certificationAuthority
        requires
                objectClass,
                cACertificate;binary
        allows
                authorityRevocationList;binary,
                certificateRevocationList;binary,
                crossCertificatePair;binary
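
An added example, not part of the original message: a Python sketch that turns a PEM client certificate into an LDIF entry using the strongAuthenticationUser class and userCertificate;binary attribute from the schema above, with base64 (`::`) values and folded lines. The DN, the `person` base class and the sample "certificate" bytes are assumptions constructed for illustration.

```python
import base64
import re

WIDTH = 76  # conventional LDIF fold width (RFC 2849 continuation lines)
# RFC 2849 SAFE-STRING: ASCII, no NUL/CR/LF, not starting with space, ':' or '<'.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

# Constructed sample: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Strip PEM armor; ';binary' attributes hold the raw DER encoding."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # every certificate is an ASN.1 SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der

def fold(line):
    """Fold a logical line; each continuation line starts with one space."""
    out, rest = [line[:WIDTH]], line[WIDTH:]
    while rest:
        out.append(" " + rest[:WIDTH - 1])
        rest = rest[WIDTH - 1:]
    return "\n".join(out)

def attr_line(name, value):
    """'name: value' for safe text, 'name:: base64' for bytes or unsafe text."""
    if isinstance(value, str) and SAFE.fullmatch(value) and not value.endswith(" "):
        return fold(f"{name}: {value}")
    raw = value if isinstance(value, bytes) else value.encode("utf-8")
    return fold(f"{name}:: " + base64.b64encode(raw).decode("ascii"))

def cert_entry_ldif(dn, cn, sn, der):
    """Entry using strongAuthenticationUser; 'person' as base class is an assumption."""
    attrs = [("dn", dn), ("objectClass", "person"),
             ("objectClass", "strongAuthenticationUser"),
             ("cn", cn), ("sn", sn), ("userCertificate;binary", der)]
    return "\n".join(attr_line(n, v) for n, v in attrs) + "\n"

def unfold(ldif):
    """Reverse fold(): join continuation lines back onto their logical line."""
    return ldif.replace("\n ", "").splitlines()

if __name__ == "__main__":
    print(cert_entry_ldif("cn=Test User,o=Example", "Test User", "User", pem_to_der(SAMPLE_PEM)), end="")
```

The output is meant to be loaded with the server's usual LDIF import tool; the round trip through unfold() is a quick check that the stored value is byte-identical to the DER certificate.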