The IPA server would contain a user account whose entry's DN, recorded full name, IPA user name, recorded email address, and Kerberos principal name I'd specified when creating the certificate, and the user entry would have been modified to add the 'pkiUser' object class so that the newly-generated certificate could be set as its userCertificate value.Īfter that, it should have been pretty straightforward to cycle through the various matching options that we're adding to pam_pkcs11's ldap mapper. I probably used "local-getcert request" with the -F flag to generate the certificate and a CA certificate, either pk12util or openssl's pkcs12 command to export the key and certificate into a PKCS#12 bundle, and OpenSC's pkcs15-init's -store-private-key option to dump the private key and certificate onto the card. It's been a while, but I'd have used pklogin_finder and a card containing a certificate whose contents I could easily reissue with different contents, and combined it with an IPA server. Mar 14 15:10:43 sophia slapd: conn=1041 op=3 SRCH base="dc=rootlogin,dc=ch" scope=2 deref=2 filter="(&(uid=simon.Nothing automated, unfortunately. Mar 14 15:10:43 sophia slapd: conn=1041 op=2 BIND dn="cn=Simon Erhardt,ou=clubr,dc=rootlogin,dc=ch" mech=SIMPLE ssf=0 Mar 14 15:10:43 sophia slapd: conn=1041 op=2 BIND dn="cn=Simon Erhardt,ou=clubr,dc=rootlogin,dc=ch" method=128 Mar 14 15:10:43 sophia slapd: conn=1041 op=2 BIND anonymous mech=implicit ssf=0 Mar 14 15:10:43 sophia slapd: conn=1041 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Mar 14 15:10:43 sophia slapd: <= bdb_equality_candidates: (uid) not indexed Hab mal das Loglevel von OpenLDAP hochgesetzt. Wenn ich aber ein LDAP Search mache, klappt das ohne Probleme:
$env(SSL_SERVER_S_DN) = $env(SSL_SERVER_S_DN_C) = "CH"
$env(SSL_SERVER_I_DN_OU) = "Secure Digital Certificate Signing" $env(SSL_SERVER_I_DN_CN) = "StartCom Class 1 Primary Intermediate Server CA" $env(SSL_SERVER_I_DN) = "/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA"
$env(SSL_SERVER_A_SIG) = "sha1WithRSAEncryption" $env(SSL_SERVER_A_KEY) = "rsaEncryption" $env(SSL_CIPHER) = "DHE-RSA-AES256-SHA" $env(SERVER_ADMIN) = $env(SERVER_NAME) = "" $env(SCRIPT_FILENAME) = "/usr/share/bugzilla3/web/index.cgi" $env(HTTP_ACCEPT_ENCODING) = "gzip,deflate,sdch" $env(HTTP_ACCEPT) = "text/html,application/xhtml+xml,application/xml q=0.9,*/* q=0.8" $env(DOCUMENT_ROOT) = "/usr/share/bugzilla3/web" $env(CONTENT_TYPE) = "application/x-www-form-urlencoded" Der funktioniert soweit auch, dort kann das Problem nicht liegen, da bereits ein Mediawiki und Zarafa angehängt ist, bei welchen ich mich ohne Probleme einloggen kann. Als LDAP-Dienst kommt OpenLDAP zum Einsatz. Ich habe Bugzilla3 aus den Repos installiert, hat soweit geklappt, nur schaffe ich nicht mich über LDAP in Bugzilla einzuloggen.
0 kommentar(er)
