<HTML ><HEAD ><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"><TITLE >LDAP によるデジタル証明書の発行</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.54"><LINK REL="HOME" TITLE="LDAP Implementation HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Netscape ローミングアクセス" HREF="roaming.html"><LINK REL="NEXT" TITLE="SSL/TLS と、SSL/TLS の LDAP 用ラッパ" HREF="ssl.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" ><DIV CLASS="NAVHEADER" ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >LDAP Implementation HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="roaming.html" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="ssl.html" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="CERTIFICATES" >9. LDAP によるデジタル証明書の発行</A ></H1 ><P >この章の焦点は、デジタル証明書を LDAP サーバ内に発行する方法にあります。Certification Authority (認証局) を運営するならデジタル証明書を発行する必要があります。LDAP への発行は、この情報をネットワーク内で利用できるようにするシンプルな方法のひとつです。また、証明書対応ソフトウェアの多くも、望ましいレポジトリとして、ユーザ証明書に LDAP を用いています。</P ><P >この方法ではユーザ証明書を他のユーザ情報と一緒にしておけるので、データの無駄な複製が必要なくなります。</P ><P >証明書を取り扱うには暗号ツールキットが必要です。ここで使用するのは OpenSSL です。</P ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN822" >9.1. 
LDAP サーバの設定</A ></H2 ><P >ここで使用する LDAP サーバは OpenLDAP 2.0.x です。</P ><P >LDAP サーバは、証明書を記録するための属性を持てる objectclass をサポートしていなくてはなりません。LDAP サーバ内には特に、認証局証明書、証明書破棄リスト、認可破棄リスト、そしてエンドユーザの証明書を記録しておく必要があります。</P ><P ><TT CLASS="FILENAME" >certificationAuthority</TT > という objectclass は <TT CLASS="FILENAME" >authorityRevocationList</TT > (つまり認可破棄リスト), <TT CLASS="FILENAME" >certificateRevocationList</TT > (証明書破棄リスト), <TT CLASS="FILENAME" >cACertificate</TT > (認証局証明書) という属性を実装します。</P ><P ><TT CLASS="FILENAME" >inetOrgPerson</TT > という objectclass は <TT CLASS="FILENAME" >usercertificate</TT > (ユーザ証明書) という (バイナリの) 属性をサポートします。</P ><P >また、<TT CLASS="FILENAME" >strongAuthenticationUser</TT > という混合 objectclass を使って、非 <TT CLASS="FILENAME" >inetOrgPerson</TT > エントリに証明書を付けることもできます。</P ><P >下記のスキーマを自分の <TT CLASS="FILENAME" >slapd.conf</TT > ファイルに含めて、必要なスキーマを OpenLDAP にインクルードしてください。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema</PRE ></FONT ></TD ></TR ></TABLE ></P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN841" >9.2. 
証明書の発行</A ></H2 ><P >証明書は ASN.1 の DER (Distinguished Encoding Rules) を使ってエンコードされます。そのため LDAP サーバ内にはバイナリデータで (BER エンコードで) 発行されなくてはなりません。</P ><P >PEM 証明書は、このように OpenSSL を使って DER 書式に変換できます。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >openssl x509 -outform DER -in incert.pem -out outcert.der</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >そうすると、OpenLDAP によって提供される <TT CLASS="FILENAME" >ldif</TT > というユーティリティを使って LDIF ファイルを作成できます。こうです。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >ldif -b "usercertificate;binary" &lt; outcert.der &gt; cert.ldif</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >このコマンドは BASE64 でエンコードされた usercertificate 属性を作成します。このように証明書を LDIF エントリに追加できますので、それから <TT CLASS="FILENAME" >ldapmodify</TT > を使って (訳注：サーバ上の) エントリに証明書を追加できます。なお、この例の簡易認証 (-x) では管理者のパスワードは保護されずに送信されるため、次章で扱う SSL/TLS で保護した接続上で実行してください。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >ldapmodify -x -W -D "cn=Manager,dc=yourorg,dc=com" -f cert.ldif </PRE ></FONT ></TD ></TR ></TABLE ></P ><P >この <TT CLASS="FILENAME" >cert.ldif</TT > は、次のようなものを含んでいます。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >dn: cn=user,ou=people,dc=yourorg,dc=com
changetype: modify
add: usercertificate
usercertificate;binary:: MIIC2TCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQQFADBGMQswCQYD
 VQQGEwJJVDENMAsGA1UEChMESU5GTjESMBAGA1UECxMJQXV0aG9yaXR5MRQwEgYDVQQDEwtJTkZO
 IENBICgyKTAeFw05OTA2MjMxMTE2MDdaFw0wMzA4MDExMTE2MDdaMEYxCzAJBgNVBAYTAklUMQ0w
 CwYDVQQKEwRJTkZOMRIwEAYDVQQLEwlBdXRob3JpdHkxFDASBgNVBAMTC0lORk4gQ0EgKDIpMIGf
 MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrHdRKJsobcjXz/OsGjyq8v73DbggG3JCGrQZ9f1Vm
 9RrIWJPwggczqgxwWL6JLPKglxbUjAtUxiZm3fw2kX7FGMUq5JaN/Pk2PT4ExA7bYLnbLGZ9jKJs
 Dh4bNOKrGRIxRO9Ff+YwmH8EQdoVpSRFbBpNnoDIkHLc4DtzB+B4wwIDAQABo4HWMIHTMAwGA1Ud
 EwQFMAMBAf8wHQYDVR0OBBYEFK3QjOXGc4j9LqYEYTn9WvSRAcusMG4GA1UdIwRnMGWAFK3QjOXG
 c4j9LqYEYTn9WvSRAcusoUqkSDBGMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjESMBAGA1UE
 CxMJQXV0aG9yaXR5MRQwEgYDVQQDEwtJTkZOIENBICgyKYIBADALBgNVHQ8EBAMCAQYwEQYJYIZI
 AYb4QgEBBAQDAgAHMAkGA1UdEQQCMAAwCQYDVR0SBAIwADANBgkqhkiG9w0BAQQFAAOBgQCDs5b1
 jmbIYVq2epd5iDjQ109SJ/V7b6DFw2NIl8CWeDPOOjL1E5M8dnlmCDeTR2TlBxqUZaBBJZPqzFdv
 xpxqsHC0HfkCXAnUe5MaefFNAH9WbxoB/A2pkXtT6WGWed+QsL5wyKJaO4oD9UD5T+x12aGsHcsD
 Cy3EVEaGEOl+/A==</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >また、LDIF ファイル内で証明書をこのように指定することも可能です。</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >userCertificate;binary:&lt; file:///path/to/cert.der</PRE ></FONT ></TD ></TR ></TABLE ></P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN862" >9.3. 
LDAP 対応クライアント</A ></H2 ><P >サーバに証明書を記録してから、それをどうやって取り出すのか不思議に思うかもしれません。</P ><P >他のクライアントと同様、Netscape は LDAP サーバから自動的に証明書を取り出す機能をサポートしています。「セキュリティ → ユーザ証明書 → ディレクトリを検索」とすることで、LDAP ディレクトリ内の証明書を検索して、それを Netscape 証明書データベースに自動でインストールすることができるのです。</P ><P >この他に、証明書へのサポートの良いクライアントには web2ldap (<A HREF="http://www.web2ldap.de/" TARGET="_top" >www.web2ldap.de</A >) があります。</P ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="roaming.html" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="ssl.html" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Netscape ローミングアクセス</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >SSL/TLS と、SSL/TLS の LDAP 用ラッパ</TD ></TR ></TABLE ></DIV ></BODY ></HTML >