Configuring PIN Authenticated Certificate Profile

Endi S. Dewata edited this page Mar 30, 2024 · 8 revisions

Overview

This document describes how to configure a PIN-authenticated certificate profile such as:

  • caDirPinUserCert: Directory-Pin-Authenticated User Dual-Use Certificate Enrollment

  • caECDirPinUserCert: Directory-Pin-Authenticated User Dual-Use ECC Certificate Enrollment

Prerequisites

Prepare a publicly accessible LDAP subtree that contains users. Each user must be able to authenticate using a password. For example:

$ ldapadd -H ldap://$HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: ou=people,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people
aci: (target="ldap:///ou=people,dc=example,dc=com")
 (targetattr=objectClass||dc||ou||uid||cn||sn||givenName)
 (version 3.0; acl "Allow anyone to read and search basic attributes"; allow (search, read) userdn = "ldap:///anyone";)
aci: (target="ldap:///ou=people,dc=example,dc=com")
 (targetattr=*)
 (version 3.0; acl "Allow anyone to read and search itself"; allow (search, read) userdn = "ldap:///self";)

dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: testuser
cn: Test User
sn: User
userPassword: Secret.123
EOF
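Before loading the subtree, the ACIs and user entries can be sanity-checked offline. The following is an added example, not part of this wiki or of Dogtag PKI, that parses a constructed, abridged copy of the LDIF above and flags two problems a PIN-authenticated profile would hit: an anonymous ACI whose targetattr list exposes userPassword, and a user entry that has no userPassword to bind with.

```python
import re
# Constructed, abridged copy of the page's LDIF; leading-space lines are RFC 2849 folds.
LDIF = """\
dn: ou=people,dc=example,dc=com
objectclass: organizationalUnit
aci: (target="ldap:///ou=people,dc=example,dc=com")
 (targetattr=objectClass||dc||ou||uid||cn||sn||givenName)
 (version 3.0; acl "Allow anyone to read and search basic attributes"; allow (search, read) userdn = "ldap:///anyone";)
aci: (target="ldap:///ou=people,dc=example,dc=com")
 (targetattr=*)
 (version 3.0; acl "Allow anyone to read and search itself"; allow (search, read) userdn = "ldap:///self";)

dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: testuser
userPassword: Secret.123
"""
def parse_ldif(text):
    """Entries split on blank lines; a leading space continues the previous value."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry, last = {}, None
        for line in block.splitlines():
            if line.startswith(" ") and last:
                entry[last][-1] += line[1:]
            else:
                attr, _, value = line.partition(":")
                last = attr.strip().lower()
                entry.setdefault(last, []).append(value.strip())
        entries.append(entry)
    return entries

# targetattr list of an ACI that grants rights to userdn="ldap:///anyone"
ANON_ACI = re.compile(r'\(targetattr=([^)]*)\).*?userdn\s*=\s*"ldap:///anyone"')
def anonymous_readable_attrs(entries):
    """Lowercase attributes the anonymous ACIs expose; '*' means all of them."""
    attrs = set()
    for aci in (a for e in entries for a in e.get("aci", [])):
        if m := ANON_ACI.search(aci):
            attrs.update(a.strip().lower() for a in m.group(1).split("||"))
    return attrs

def check_subtree(entries):
    """Findings for the PIN subtree; an empty list means both checks pass."""
    findings = []
    if anonymous_readable_attrs(entries) & {"*", "userpassword"}:
        findings.append("userPassword is readable by anonymous binds")
    findings += [e["dn"][0] + ": no userPassword, PIN bind would fail"
                 for e in entries if "uid" in e and "userpassword" not in e]
    return findings
```

Run it against the real LDIF file before `ldapadd`; the page's own LDIF yields no findings, because the anonymous ACI lists only basic attributes and the self ACI is the one that grants `targetattr=*`.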

Verify the authentication using the following command:

$ ldapsearch \
    -H ldap://$HOSTNAME \
    -x \
    -D "uid=testuser,ou=People,dc=example,dc=com" \
    -w Secret.123 \
    -b "dc=example,dc=com" \
    "(objectClass=*)"