[rs-commit] r93 - in /rs-manual/trunk/src: main/modules.xml site/resources/images/mod_ca_ldap.png site/xhtml5/mod/mod_ca_ldap.xhtml5
rs-commit at redwax.eu
Thu Oct 17 18:40:12 CEST 2019
Author: minfrin at redwax.eu
Date: Thu Oct 17 18:40:11 2019
New Revision: 93
Log:
Add docs for the mod_ca_ldap module.
Added:
rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png (with props)
rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5
Modified:
rs-manual/trunk/src/main/modules.xml
Modified: rs-manual/trunk/src/main/modules.xml
==============================================================================
--- rs-manual/trunk/src/main/modules.xml (original)
+++ rs-manual/trunk/src/main/modules.xml Thu Oct 17 18:40:11 2019
@@ -10,5 +10,6 @@
<module type="backend">mod_ca_crl</module>
<module type="backend">mod_ca_disk</module>
<module type="backend">mod_ca_engine</module>
+ <module type="backend">mod_ca_ldap</module>
<module type="backend">mod_ca_simple</module>
</modules>
Added: rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png
==============================================================================
Binary file - no diff available.
Propchange: rs-manual/trunk/src/site/resources/images/mod_ca_ldap.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5 (added)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_ca_ldap.xhtml5 Thu Oct 17 18:40:11 2019
@@ -0,0 +1,941 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+ <head>
+ <title>mod_ca_ldap Module</title>
+ <meta name="description" content="Read a certificate revocation list from a file on disk." />
+ <meta name="mod-ca-type" content="backend" />
+ </head>
+ <body>
+ <div class="index align-left">
+
+ <section class="wrapper style1 align-center"
+ id="introduction">
+ <div class="inner">
+ <h2>LDAP Backend Module</h2>
+ <p>Authorise the issuing of a certificate, and store the certificate issued
+ against an LDAP directory.</p>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>What does it do?</h3>
+ </header>
+ <div class="content">
+
+ <p>
+ Based on configuration providing the details of an LDAP server,
+ the issuing of the certificate can be authorised in advance, and
+ the resulting issued certificate can be stored in an LDAP directory.
+ </p>
+
+ <p>
+ When storing the certificate, all modifications to the directory are
+ applied in a single transaction.
+ </p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center" id="integration">
+ <div class="inner">
+ <h2>Module Integration</h2>
+ <p>
+ The
+ <code>mod_ca_ldap</code>
+ module is a
+ <a href="mod_ca.html#backend">backend module</a>
+ and will not do anything useful until
+ <code>mod_ca_ldap</code>
+ has been combined with one or
+ more
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ listed below. The
+ <code>mod_ca_ldap</code>
+ module uses the following hooks, and suitable
+ <a href="mod_ca.html#frontend">frontend modules</a>
+ must be configured to implement each protocol as needed.
+ </p>
+
+ <p>
+ All <a href="mod_ca.html#backend">backend modules</a> run within
+ a standard Apache httpd request, and standard httpd functionality
+ applies in all cases.
+ </p>
+
+ <div>
+ <img src="../images/mod_ca_ldap.png" style="width: 100%;" />
+ </div>
+
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows you to verify the parameters
+ included with the certificate sign request, such as the
+ challenge password. If left unconfigured, all certificate
+ requests will be accepted.</p>
+ <p>The <a href="#CALdapUrl">CALdapUrl</a>
+ directive enables the <a href="mod_ca.html#ca_reqauthz">Request Authorization Hook</a>
+ in <a href="mod_ca_ldap.html">mod_ca_ldap</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_csr.html">mod_csr</a>
+ </td>
+ <td>Generate and issue certificates in response to an X509
+ certificate request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_pkcs12.html">mod_pkcs12</a>
+ </td>
+ <td>Generate public/private key pairs and and issue certificates in response
+ to a application/x-www-form-urlencoded form request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_scep.html">mod_scep</a>
+ </td>
+ <td>Generate and issue certificates using the SCEP protocol.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_spkac.html">mod_spkac</a>
+ </td>
+ <td>Generate and issue certificates using the SPKAC protocol.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>
+ <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ </h3>
+ </header>
+ <div class="content">
+ <p>This optional hook allows the newly generated certificate to
+ be stored locally or in a database or directory. If left
+ unconfigured, no local copy of the certificate will be stored.</p>
+ <p>Both the <a href="#CALdapUrl">CALdapUrl</a>
+ directive and the <a href="#CALdapCertAttribute">CALdapCertAttribute</a>
+ directive enables the <a href="mod_ca.html#ca_certstore">Certificate Storage Hook</a>
+ in <a href="mod_ca_ldap.html">mod_ca_ldap</a>.</p>
+ <table>
+ <tbody>
+ <tr>
+ <td>
+ <a href="mod_csr.html">mod_csr</a>
+ </td>
+ <td>Generate and issue certificates in response to an X509
+ certificate request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_pkcs12.html">mod_pkcs12</a>
+ </td>
+ <td>Generate public/private key pairs and and issue certificates in response
+ to a application/x-www-form-urlencoded form request.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_scep.html">mod_scep</a>
+ </td>
+ <td>Generate and issue certificates using the SCEP protocol.</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mod_spkac.html">mod_spkac</a>
+ </td>
+ <td>Generate and issue certificates using the SPKAC protocol.</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Examples</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>Verification Example</h3>
+ </header>
+ <div class="content">
+ <p>The simplest case: verify the issuing of the certificate. The certificate request
+ is expected to contain a challenge password, and we will attempt to
+ bind to the directory as the mapped user and challenge password.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+<IfModule mod_ca_ldap.c>
+ # bind to this directory
+ CALdapUrl ${LDAP_BASEURL}?cn?sub?(objectclass=simpleSecurityObject)
+ CALdapBindDN "${LDAP_BINDDN}"
+ CALdapBindPassword ${LDAP_BINDPW}
+ # map the LDAP attribute 'cn' to the 'CN' element in the certificate subject when searching
+ CALdapSubject cn CN
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+ <Location /csr>
+ SetHandler csr
+ # use subject from the certificate sign request unmodified
+ CsrSubjectRequest *
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>Storage Example</h3>
+ </header>
+ <div class="content">
+ <p>The storage case: verify the issuing of the certificate, and store the result in the directory.</p>
+<pre><code><![CDATA[
+# backend configuration:
+<IfModule mod_ca_simple.c>
+ # sign with this certificate...
+ CASimpleCertificate /etc/pki/tls/ca-cert.pem
+ # ...and private key
+ CASimpleKey /etc/pki/tls/ca-key.pem
+ # use system clock as the time source
+ CASimpleTime on
+ # assign a random serial number
+ CASimpleSerialRandom on
+</IfModule>
+<IfModule mod_ca_ldap.c>
+ # bind to this directory
+ CALdapUrl ${LDAP_BASEURL}?cn?sub?(objectclass=simpleSecurityObject)
+ CALdapBindDN "${LDAP_BINDDN}"
+ CALdapBindPassword ${LDAP_BINDPW}
+ # map the LDAP attribute 'cn' to the 'CN' element in the certificate subject when searching
+ CALdapSubject cn CN
+ # if the certificate was issued, remove the password
+ CALdapPasswordAttribute userPassword
+ # if the certificate was issued, remove the objectclass
+ CALdapPasswordObjectClass simpleSecurityObject
+ # if the certificate was issued, store it in the following attribute
+ CALdapCertAttribute userCertificate
+ # if the certificate was issued, add the following objectclass
+ CALdapCertObjectClass pkiUser
+</IfModule>
+
+# frontend configuration:
+<IfModule mod_csr.c>
+ <Location /csr>
+ SetHandler csr
+ # use subject from the certificate sign request unmodified
+ CsrSubjectRequest *
+ </Location>
+</IfModule>
+]]></code></pre>
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+
+ <section class="wrapper style1 align-center"
+ id="directive-reference">
+ <div class="inner">
+ <h2>Directive Reference</h2>
+ <div class="index align-left">
+
+ <section>
+ <header>
+ <h3>CALdapUrl Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Set to a RFC 2255 compliant URL to define the LDAP connection.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapUrl url</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Set to a RFC 2255 compliant URL to define the LDAP connection.</p>
+
+ <p>The URL is of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].
+ </p>
+
+ <ul>
+ <li><code>host</code> is the name of the LDAP server. Use a space separated list of hosts
+ to specify redundant servers.</li>
+ <li><code>port</code> is optional, and specifies the port to connect to.</li>
+ <li><code>basedn</code> specifies the base DN to start searches from.</li>
+ <li><code>attrib</code> specifies what attribute to search for in the directory.</li>
+ <li><code>scope</code> is the scope of the search, and can be either <b>sub</b> or
+ <b>one</b>. If not provided, the default is <b>sub</b>.</li>
+ <li><code>filter</code> is a filter to use in the search. If not provided, defaults to
+ <b>(objectClass=*)</b></li>
+ </ul>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapBindDN Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>DN to use to bind to LDAP server. If not provided, will do an anonymous bind.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapBindDN string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>DN to use to bind to LDAP server. If not provided, will do an anonymous bind.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapBindPassword Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Password to use to bind to LDAP server. If not provided, will do an anonymous bind.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapBindPassword string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Password to use to bind to LDAP server. If not provided, will do an anonymous bind.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapSubject Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Mapping from LDAP attribute to certificate subject element.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapSubject string string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Mapping from LDAP attribute to certificate subject element.</p>
+
+ <p>The first parameter is the LDAP attribute to be embedded in the
+ search filter.</p>
+
+ <p>The second parameter is the name or OID of the element in the
+ subject to be embedded as the value in the search filter.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapSubjectAltName Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Mapping from LDAP attribute to certificate subject alternate name element.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapSubjectAltName string string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Mapping from LDAP attribute to certificate subject alternate name element.</p>
+
+ <p>The first parameter is the LDAP attribute to be embedded in the
+ search filter.</p>
+
+ <p>The second parameter is the name or OID of the element in the
+ subject alternate name to be embedded as the value in the search filter.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapTimeout Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>Specify the LDAP bind/search timeout in seconds.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapTimeout integer</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>CALdapTimeout 60</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>Specify the LDAP bind/search timeout in seconds. Set to zero for no limit.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapCertAttribute Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, the certificate is stored in this attribute.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapCertAttribute string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, the certificate is stored in this attribute.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapCertObjectClass Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, the objectclass is added to the directory on storage.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapCertObjectClass string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, the objectclass is added to the directory on storage.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapPasswordAttribute Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, remove the password in this attribute on storage.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapPasswordAttribute string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, remove the password in this attribute on storage
+ at the same time as we store the certificate.</p>
+
+ <p>This allows the challengePassword to be treated as a one time
+ password which will disappear when the certificate is issued.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapPasswordObjectClass Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, remove the objectclass along with the password on storage.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapPasswordObjectClass string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, remove the objectclass along with the password on storage
+ at the same time as we store the certificate.</p>
+
+ <p>This allows the challengePassword to be treated as a one time
+ password which will disappear when the certificate is issued.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapPathAttribute Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, place the certificate path in this attribute on storage.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapPasswordObjectClass string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, place the certificate path in this attribute
+ at the same time as we store the certificate.</p>
+
+ <p>The certificate path is stored as an CertificateExactAssertion
+ as described by RFC 4523.</p>
+
+ </div>
+ </section>
+
+ <section>
+ <header>
+ <h3>CALdapPathObjectClass Directive</h3>
+ </header>
+ <div class="content">
+
+ <table>
+ <tbody>
+ <tr>
+ <td>Description</td>
+ <td>If specified, add the objectclass along with the path on storage.</td>
+ </tr>
+ <tr>
+ <td>Syntax</td>
+ <td>
+ <code>CALdapPathObjectClass string</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Default</td>
+ <td>
+ <code>none</code>
+ </td>
+ </tr>
+ <tr>
+ <td>Context</td>
+ <td>server config, virtual host, directory, .htaccess</td>
+ </tr>
+ <tr>
+ <td>Status</td>
+ <td>
+ <a href="mod_ca.html#backend">Backend</a>
+ </td>
+ </tr>
+ <tr>
+ <td>Module</td>
+ <td>mod_ca_ldap</td>
+ </tr>
+ <tr>
+ <td>Compatibility</td>
+ <td>Introduced in mod_ca 0.2.0 and works with Apache HTTP
+ Server 2.4.0 and later</td>
+ </tr>
+ </tbody>
+ </table>
+
+ <p>If specified, add the objectclass along with the path
+ at the same time as we store the certificate.</p>
+
+ </div>
+ </section>
+
+ </div>
+ </div>
+ </section>
+
+ </div>
+ </body>
+</html>
+
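Review bot: In the CALdapPathAttribute section the Syntax row reads `<code>CALdapPasswordObjectClass string</code>`, copied from the preceding directive; it should read `CALdapPathAttribute string`. Two more copy-paste leftovers are visible. The `<meta name="description">` in the head still says "Read a certificate revocation list from a file on disk." instead of describing the LDAP backend. The Examples section also carries `id="directive-reference"`, the same id as the Directive Reference section, so the id is duplicated within one document; `id="examples"` would resolve it. On content, CALdapSubject and CALdapSubjectAltName say the subject element is "embedded as the value in the search filter" but do not say whether the value is escaped first. Both examples pass the request subject through unmodified with `CsrSubjectRequest *`, so the page should state how filter metacharacters in a subject value are handled. CALdapBindPassword lists .htaccess as a valid context and the examples take the password from a variable; a sentence on where the bind credential should live and who may read that file would help. Wording nits: "and and issue certificates" and "a application/x-www-form-urlencoded" in both mod_pkcs12 rows, and "Both the ... directive and the ... directive enables" in the Certificate Storage Hook paragraph.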