From: ejbca-support <ejb...@pr...> - 2012-10-21 07:08:15
On 2012-10-21 05:58, Juan Caracoche wrote:
> Hi all,
> I have an LDAP directory with several users and I need to set up a CA to generate certificates for those persons.
>
> As I saw, to enroll a browser cert, a username/password is required because, in the CertificateData table, there is an association between the username and the cert.
>
> I developed a CustomUserDataSource hoping that the EJBCA will ask it for the user but I couldn't figure out how to do that because my CustomUserDataSource wasn't executed. Additionally, the CustomUserDataSource... It should be executed with the search end entity form?

What you probably need to do is create an external enrollment web-application where you begin defining the flow. The most important thing is how you intend to authenticate the user.

EJBCA is in situations like this better suited as the "certificate factory" than the actual UI. EJBCA's user-table will in such scenarios only be used for technically holding certificate data. The user name could for example be the entity's subject DN or other unique entity data.

It is technically fairly easy to reuse the EJBCA public web which does the browser-part if you have done the EJBCA user-registration/setup in the external enrollment application (using Web Services).

Cheers,
Anders
tech support

> I already have a publisher to update the LDAP but I want to know if there is any way to integrate an external User DB (LDAP) to generate browser certificates. I don't want to have the user duplicated (LDAP and EJBCA's UserData table).
>
> I will appreciate your answer...
>
> Thank you
>
> Juan