[rs-commit] r93 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_ca_ldap.png site/xhtml5/mod/mod_ca_ldap.xhtml5

rs-commit at redwax.eu rs-commit at redwax.eu
Thu Oct 17 18:40:12 CEST 2019


Author: minfrin at redwax.eu
Date: Thu Oct 17 18:40:11 2019
New Revision: 93

Log:
Add docs for the mod_ca_ldap module.

Added:
    rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png   (with props)
    rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5
Modified:
    rs-manual/trunk/src/main/modules.xml

Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml	(original)
+++ rs-manual/trunk/src/main/modules.xml	Thu Oct 17 18:40:11 2019
@@ -10,5 +10,6 @@
   <module type="backend">mod_ca_crl</module>
   <module type="backend">mod_ca_disk</module>
   <module type="backend">mod_ca_engine</module>
+  <module type="backend">mod_ca_ldap</module>
   <module type="backend">mod_ca_simple</module>
 </modules>

Added: rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png
==============================================================================
Binary file - no diff available.

Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream
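
Review bot: The property set on mod_ca_ldap.png is svn:mime-type = application/octet-stream, which is the generic binary type rather than the image's own. Setting it to image/png would let repository browsers and mail diffs identify the file as an image; the page references it from <img src="../images/mod_ca_ldap.png">.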

Added: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5	(added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5	Thu Oct 17 18:40:11 2019
@@ -0,0 +1,941 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+  <head>
+    <title>mod_ca_ldap Module</title>
+    <meta name="description" content="Read a certificate revocation list from a file on disk." />
+    <meta name="mod-ca-type" content="backend" />
+  </head>
+  <body>
+    <div class="index align-left">
+
+      <section class="wrapper style1 align-center"
+        id="introduction">
+        <div class="inner">
+          <h2>LDAP Backend Module</h2>
+          <p>Authorise the issuing of a certificate, and store the certificate issued
+            against an LDAP directory.</p>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>What does it do?</h3>
+              </header>
+              <div class="content">
+
+                <p>
+                  Based on configuration providing the details of an LDAP server,
+                  the issuing of the certificate can be authorised in advance, and
+                  the resulting issued certificate can be stored in an LDAP directory.
+                </p>
+
+                <p>
+                  When storing the certificate, all modifications to the directory are
+                  applied in a single transaction.
+                </p>
+
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center" id="integration">
+        <div class="inner">
+          <h2>Module Integration</h2>
+          <p>
+            The
+            <code>mod_ca_ldap</code>
+            module is a
+            <a href="mod_ca.html#backend">backend module</a>
+            and will not do anything useful until
+            <code>mod_ca_ldap</code>
+            has been combined with one or
+            more
+            <a href="mod_ca.html#frontend">frontend modules</a>
+            listed below. The
+            <code>mod_ca_ldap</code>
+            module uses the following hooks, and suitable
+            <a href="mod_ca.html#frontend">frontend modules</a>
+            must be configured to implement each protocol as needed.
+          </p>
+
+          <p>
+            All <a href="mod_ca.html#backend">backend modules</a> run within
+            a standard Apache httpd request, and standard httpd functionality
+            applies in all cases.
+          </p>
+
+          <div>
+            <img src="../images/mod_ca_ldap.png" style="width: 100%;" />
+          </div>
+
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>This optional hook allows you to verify the parameters
+                  included with the certificate sign request, such as the
+                  challenge password. If left unconfigured, all certificate
+                  requests will be accepted.</p>
+                <p>The <a href="#CALdapUrl">CALdapUrl</a>
+                  directive enables the <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+                  in <a href="mod_ca_ldap.html">mod_ca_ldap</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_csr.html">mod_csr</a>
+                      </td>
+                      <td>Generate and issue certificates in response to an X509
+                        certificate request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_pkcs12.html">mod_pkcs12</a>
+                      </td>
+                      <td>Generate public/private key pairs and and issue certificates in response
+                        to a application/x-www-form-urlencoded form request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_scep.html">mod_scep</a>
+                      </td>
+                      <td>Generate and issue certificates using the SCEP protocol.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_spkac.html">mod_spkac</a>
+                      </td>
+                      <td>Generate and issue certificates using the SPKAC protocol.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>
+                  <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+                </h3>
+              </header>
+              <div class="content">
+                <p>This optional hook allows the newly generated certificate to
+                  be stored locally or in a database or directory. If left
+                  unconfigured, no local copy of the certificate will be stored.</p>
+                <p>Both the <a href="#CALdapUrl">CALdapUrl</a>
+                  directive and the <a href="#CALdapCertAttribute">CALdapCertAttribute</a>
+                  directive enables the <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+                  in <a href="mod_ca_ldap.html">mod_ca_ldap</a>.</p>
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>
+                        <a href="mod_csr.html">mod_csr</a>
+                      </td>
+                      <td>Generate and issue certificates in response to an X509
+                        certificate request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_pkcs12.html">mod_pkcs12</a>
+                      </td>
+                      <td>Generate public/private key pairs and and issue certificates in response
+                        to a application/x-www-form-urlencoded form request.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_scep.html">mod_scep</a>
+                      </td>
+                      <td>Generate and issue certificates using the SCEP protocol.</td>
+                    </tr>
+                    <tr>
+                      <td>
+                        <a href="mod_spkac.html">mod_spkac</a>
+                      </td>
+                      <td>Generate and issue certificates using the SPKAC protocol.</td>
+                    </tr>
+                  </tbody>
+                </table>
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Examples</h2>
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>Verification Example</h3>
+              </header>
+              <div class="content">
+                <p>The simplest case: verify the issuing of the certificate. The certificate request
+                  is expected to contain a challenge password, and we will attempt to
+                  bind to the directory as the mapped user and challenge password.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  # sign with this certificate...
+  CASimpleCertificate /etc/pki/tls/ca-cert.pem
+  # ...and private key
+  CASimpleKey /etc/pki/tls/ca-key.pem
+  # use system clock as the time source
+  CASimpleTime on
+  # assign a random serial number
+  CASimpleSerialRandom on
+</IfModule>
+<IfModule mod_ca_ldap.c>
+  # bind to this directory
+  CALdapUrl ${LDAP_BASEURL}?cn?sub?(objectclass=simpleSecurityObject)
+  CALdapBindDN "${LDAP_BINDDN}"
+  CALdapBindPassword ${LDAP_BINDPW}
+  # map the LDAP attribute 'cn' to the 'CN' element in the certificate subject when searching
+  CALdapSubject cn CN
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+  <Location /csr>
+    SetHandler csr
+    # use subject from the certificate sign request unmodified
+    CsrSubjectRequest *
+  </Location>
+</IfModule>
+]]></code></pre>
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>Storage Example</h3>
+              </header>
+              <div class="content">
+                <p>The storage case: verify the issuing of the certificate, and store the result in the directory.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+  # sign with this certificate...
+  CASimpleCertificate /etc/pki/tls/ca-cert.pem
+  # ...and private key
+  CASimpleKey /etc/pki/tls/ca-key.pem
+  # use system clock as the time source
+  CASimpleTime on
+  # assign a random serial number
+  CASimpleSerialRandom on
+</IfModule>
+<IfModule mod_ca_ldap.c>
+  # bind to this directory
+  CALdapUrl ${LDAP_BASEURL}?cn?sub?(objectclass=simpleSecurityObject)
+  CALdapBindDN "${LDAP_BINDDN}"
+  CALdapBindPassword ${LDAP_BINDPW}
+  # map the LDAP attribute 'cn' to the 'CN' element in the certificate subject when searching
+  CALdapSubject cn CN
+  # if the certificate was issued, remove the password
+  CALdapPasswordAttribute userPassword
+  # if the certificate was issued, remove the objectclass
+  CALdapPasswordObjectClass simpleSecurityObject
+  # if the certificate was issued, store it in the following attribute
+  CALdapCertAttribute userCertificate
+  # if the certificate was issued, add the following objectclass
+  CALdapCertObjectClass pkiUser
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+  <Location /csr>
+    SetHandler csr
+    # use subject from the certificate sign request unmodified
+    CsrSubjectRequest *
+  </Location>
+</IfModule>
+]]></code></pre>
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+
+      <section class="wrapper style1 align-center"
+        id="directive-reference">
+        <div class="inner">
+          <h2>Directive Reference</h2>
+          <div class="index align-left">
+
+            <section>
+              <header>
+                <h3>CALdapUrl Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Set to a RFC 2255 compliant URL to define the LDAP connection.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapUrl url</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Set to a RFC 2255 compliant URL to define the LDAP connection.</p>
+
+                <p>The URL is of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].
+                </p>
+                
+                <ul>
+                <li><code>host</code> is the name of the LDAP server. Use a space separated list of hosts
+                  to specify redundant servers.</li>
+                <li><code>port</code> is optional, and specifies the port to connect to.</li>
+                <li><code>basedn</code> specifies the base DN to start searches from.</li>
+                <li><code>attrib</code> specifies what attribute to search for in the directory.</li>
+                <li><code>scope</code> is the scope of the search, and can be either <b>sub</b> or
+                  <b>one</b>. If not provided, the default is <b>sub</b>.</li>
+                <li><code>filter</code> is a filter to use in the search. If not provided, defaults to
+                  <b>(objectClass=*)</b></li>
+                </ul>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapBindDN Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>DN to use to bind to LDAP server. If not provided, will do an anonymous bind.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapBindDN string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>DN to use to bind to LDAP server. If not provided, will do an anonymous bind.</p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapBindPassword Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Password to use to bind to LDAP server. If not provided, will do an anonymous bind.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapBindPassword string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Password to use to bind to LDAP server. If not provided, will do an anonymous bind.</p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapSubject Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Mapping from LDAP attribute to certificate subject element.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapSubject string string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Mapping from LDAP attribute to certificate subject element.</p>
+                
+                <p>The first parameter is the LDAP attribute to be embedded in the
+                  search filter.</p>
+                  
+                <p>The second parameter is the name or OID of the element in the
+                  subject to be embedded as the value in the search filter.</p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapSubjectAltName Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Mapping from LDAP attribute to certificate subject alternate name element.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapSubjectAltName string string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Mapping from LDAP attribute to certificate subject alternate name element.</p>
+                
+                <p>The first parameter is the LDAP attribute to be embedded in the
+                  search filter.</p>
+                  
+                <p>The second parameter is the name or OID of the element in the
+                  subject alternate name to be embedded as the value in the search filter.</p>
+
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapTimeout Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>Specify the LDAP bind/search timeout in seconds.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapTimeout integer</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>CALdapTimeout 60</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>Specify the LDAP bind/search timeout in seconds. Set to zero for no limit.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapCertAttribute Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, the certificate is stored in this attribute.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapCertAttribute string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, the certificate is stored in this attribute.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapCertObjectClass Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, the objectclass is added to the directory on storage.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapCertObjectClass string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, the objectclass is added to the directory on storage.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapPasswordAttribute Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, remove the password in this attribute on storage.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapPasswordAttribute string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, remove the password in this attribute on storage
+                  at the same time as we store the certificate.</p>
+                
+                <p>This allows the challengePassword to be treated as a one time
+                  password which will disappear when the certificate is issued.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapPasswordObjectClass Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, remove the objectclass along with the password on storage.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapPasswordObjectClass string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, remove the objectclass along with the password on storage
+                  at the same time as we store the certificate.</p>
+                
+                <p>This allows the challengePassword to be treated as a one time
+                  password which will disappear when the certificate is issued.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapPathAttribute Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, place the certificate path in this attribute on storage.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapPasswordObjectClass string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, place the certificate path in this attribute
+                  at the same time as we store the certificate.</p>
+
+                <p>The certificate path is stored as an CertificateExactAssertion
+                  as described by RFC 4523.</p>
+                
+              </div>
+            </section>
+
+            <section>
+              <header>
+                <h3>CALdapPathObjectClass Directive</h3>
+              </header>
+              <div class="content">
+
+                <table>
+                  <tbody>
+                    <tr>
+                      <td>Description</td>
+                      <td>If specified, add the objectclass along with the path on storage.</td>
+                    </tr>
+                    <tr>
+                      <td>Syntax</td>
+                      <td>
+                        <code>CALdapPathObjectClass string</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Default</td>
+                      <td>
+                        <code>none</code>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Context</td>
+                      <td>server config, virtual host, directory, .htaccess</td>
+                    </tr>
+                    <tr>
+                      <td>Status</td>
+                      <td>
+                        <a href="mod_ca.html#backend">Backend</a>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Module</td>
+                      <td>mod_ca_ldap</td>
+                    </tr>
+                    <tr>
+                      <td>Compatibility</td>
+                      <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+                        Server 2.4.0 and later</td>
+                    </tr>
+                  </tbody>
+                </table>
+
+                <p>If specified, add the objectclass along with the path
+                  at the same time as we store the certificate.</p>
+
+              </div>
+            </section>
+
+          </div>
+        </div>
+      </section>
+
+    </div>
+  </body>
+</html>
+
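Review bot: The Syntax row in the CALdapPathAttribute section reads `CALdapPasswordObjectClass string`, which looks copied from the previous directive; it should read `CALdapPathAttribute string`. An administrator who copies the syntax line as written would configure the objectclass removed with the one-time challengePassword instead of the attribute that receives the certificate path. In the same section, "stored as an CertificateExactAssertion" should be "stored as a CertificateExactAssertion". In the CALdapPasswordObjectClass text, "remove the objectclass along with the password on storage at the same time as we store the certificate" says "on storage" and "at the same time as we store" for the same event, so one of the two can go. Since the one-time-password behaviour depends on this removal, that section should also state what happens to the stored password when the directive is left at its default of `none`.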


