Menu
▾
▴
Re: [Ejbca-develop] Using LDAP as EndEntity DB?
|
From: ejbca-support <ejb...@pr...> - 2012-10-23 07:42:13
|
On 2012-10-22 19:01, Juan Caracoche wrote: > Thank you! > > As I could see, all the API (EJB, WS) needs an username and password to do findUser() into the EJBCA's user-table. I need to generate certificates to users that aren´t into the EJBCA's user-table, so I will do a web app to authenticate the user ans then If the user don't exist in the EJBCA's DB, I will create them with the createUser API (using the LDAP's CN as username and a fixed password) and then I could call the generatePKCS10Req to get the cert. > > This is the only way that I could find to integrate an external LDAP with EJBCA. This is a good approach or there is any other method which could be better? It essentially boils down to what kind of enrollment-client you use. For a smart card-based system you typically perform CertficateRequest which creates all EJBCA structures needed: http://www.ejbca.org/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#certificateRequest(org.ejbca.core.protocol.ws.client.gen.UserDataVOWS, java.lang.String, int, java.lang.String, java.lang.String) If you on the other hand do browser-enrollment you rather would do: http://www.ejbca.org/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#editUser(org.ejbca.core.protocol.ws.client.gen.UserDataVOWS) and then use the public web for the enrollment. Cheers, Anders tech support > > Thank you! > > 2012/10/22 Tomas Gustavsson <to...@pr... <mailto:to...@pr...>> > > > Hi, > > As it says in the doc, > http://www.ejbca.org/adminguide.html#Framework%20for%20External%20User%20Data%20Sources. > There is no admin GUI support for using UserDataSources to import data. > > Currently there is no trivial way to avoid duplication between the two > databases. There are plenty of good integration options however to > integrate both back and forward to/from EJBCA. For example when managing > users in your other tool, what is needed din EJBCA will happen > automagically. > > Cheers, > Tomas > > On 10/21/2012 05:58 AM, Juan Caracoche wrote: > > Hi all, > > I have a LDAP directory with several users and I need to setup a CA to > > generate certificates for those persons. > > > > As I can saw, to enroll a browser cert, a username/password is required > > because, in the CertificateData table, there is an association between > > the username and the cert. > > > > I developed a CustomUserDataSource hoping that the EJBCA will ask it for > > the user but I couldn't figure out how to do that because my > > CustomUserDataSource wasn't executed. Additionally, the > > CustomUserDataSource... It should be executed with the search end entity > > form? > > > > I already have a publisher to update de LDAP but I want to know if there > > is any way to integrate an external User DB (LDAP) to generate browser > > certificates. I don't want to have the user duplicated (LDAP and EJBCA's > > UserData table). > > > > I will appreciate your answer... > > > > Thank you > > > > Juan > > > > > > ------------------------------------------------------------------------------ > > Everyone hates slow websites. So do we. > > Make your web apps faster with AppDynamics > > Download AppDynamics Lite for free today: > > http://p.sf.net/sfu/appdyn_sfd2d_oct > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > -- > > > > Juan Caracoche | Business Developer > jua...@re... <mailto:jua...@re...> > Mobile: +54.911.4198.8941 > www.redb.ee <http://www.redb.ee> > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
