freeipa/install/share/certmap.conf.template
Fraser Tweedale f54df62aba dsinstance: extract function for writing certmap.conf
For full customisability of the IPA CA subject DN, we will need the
ability to update DS `certmap.conf' when upgrading a deployment from
CA-less to CA-ful.

Extract the existing behaviour, which is private to DsInstance, to
the `write_certmap_conf' top-level function.

Also update `certmap.conf.template' for substitution of the whole CA
subject DN (not just the subject base).

Part of: https://fedorahosted.org/freeipa/ticket/2614

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2017-01-11 15:26:20 +01:00

47 lines
1.6 KiB
Plaintext

#
# This file configures how a certificate is mapped to an LDAP entry. See the
# documentation for more information on this file.
#
# The format of this file is as follows:
#     certmap <name> <issuerDN>
#     <name>:<prop1> [<val1>]
#     <name>:<prop2> [<val2>]
#
# Notes:
#
# 1. Mapping can be defined per issuer of a certificate. If mapping doesn't
#    exist for a particular 'issuerDN' then the server uses the default
#    mapping.
#
# 2. There must be an entry for <name>=default and issuerDN "default".
#    This mapping is the default mapping.
#
# 3. '#' can be used to comment out a line.
#
# 4. DNComps & FilterComps are used to form the base DN and filter resp. for
#    performing an LDAP search while mapping the cert to a user entry.
#
# 5. DNComps can be one of the following:
#     commented out - take the user's DN from the cert as is
#     empty         - search the entire LDAP tree (DN == suffix)
#     attr names    - a comma separated list of attributes to form DN
#
# 6. FilterComps can be one of the following:
#     commented out - set the filter to "objectclass=*"
#     empty         - set the filter to "objectclass=*"
#     attr names    - a comma separated list of attributes to form the filter
#
certmap default default
#default:DNComps
#default:FilterComps e, uid
#default:verifycert on
#default:CmapLdapAttr certSubjectDN
#default:library <path_to_shared_lib_or_dll>
#default:InitFn <Init function's name>
default:DNComps
default:FilterComps uid
certmap ipaca $ISSUER_DN
ipaca:CmapLdapAttr seeAlso
ipaca:verifycert on
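
The $ISSUER_DN substitution and the format rules in the comments above, as an added example (not FreeIPA's own code and not the `write_certmap_conf' function). The names render, parse_certmap and search_plan are hypothetical, the sample holds only the active lines of the template, and each mapping is read on its own according to notes 5 and 6.

```python
from string import Template

# Constructed sample: the active (uncommented) lines of the template above.
TEMPLATE = """\
certmap default default
default:DNComps
default:FilterComps uid
certmap ipaca $ISSUER_DN
ipaca:CmapLdapAttr seeAlso
ipaca:verifycert on
"""

def render(template_text, issuer_dn):
    """Substitute the whole CA subject DN; reject values that would add or blank lines."""
    if issuer_dn != issuer_dn.strip() or len(issuer_dn.splitlines()) != 1:
        raise ValueError("issuer DN must be a non-empty single line")
    return Template(template_text).substitute(ISSUER_DN=issuer_dn)

def parse_certmap(text):
    """Return {name: {"issuer": dn, "props": {prop: value}}}; "" = present but empty."""
    maps = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # note 3: '#' comments a line out
            continue
        words = line.split(None, 2)               # issuer DN may contain spaces
        if words[0] == "certmap":
            if len(words) != 3:
                raise ValueError(f"line {n}: expected 'certmap <name> <issuerDN>'")
            maps[words[1]] = {"issuer": words[2], "props": {}}
            continue
        name, sep, rest = line.partition(":")
        if not sep or name not in maps:
            raise ValueError(f"line {n}: property for undeclared mapping {name!r}")
        prop, _, value = rest.strip().partition(" ")
        maps[name]["props"][prop] = value.strip()
    if maps.get("default", {}).get("issuer") != "default":    # note 2
        raise ValueError("missing mandatory 'certmap default default' entry")
    return maps

def search_plan(mapping):
    """(base DN source, filter source) for one mapping, following notes 5 and 6."""
    props = mapping["props"]
    dn, flt = props.get("DNComps"), props.get("FilterComps")
    base = "subject DN from cert" if dn is None else ("entire tree" if dn == "" else dn)
    return base, (flt or "objectclass=*")         # absent and empty filter are the same
```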