ldapget - Man Page

Tool used to fetch URLs via LDAP/LDAPS


ldapget [NSS database] <url>


A tool supplied with the Apache httpd mod_revocator plug-in used to demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of any direct LDAP/LDAPS URLs.

The mod_revocator plug-in requires the mod_nss plug-in to also be registered with this Apache httpd process.

Prior to mod_revocator-1.0.3-16, this tool was located at /usr/bin/ldapget.


[NSS database]

Optionally specifies the destination directory where the NSS databases reside.  If this parameter is not provided, the location specified in the mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file is used:

#   Server Certificate Database:
#   The NSS security database directory that holds the
#   certificates and keys. The database consists
#   of 3 files: cert8.db, key3.db and secmod.db.
#   Provide the directory that these files exist.
NSSCertificateDatabase /etc/httpd/alias

<url>

The LDAP/LDAPS URL used to fetch the CRL.  The following entry in the mod_revocator plug-in's /etc/httpd/conf.d/revocator.conf configuration file shows a sample use of this executable (the line containing ldapget must be uncommented to take effect):

#   CRL URLs:
#   A space delimited list of URLs to retrieve and install.
#        protocol://urldata;update_interval;max_age
#CRLFile "ldap://ldap.example.com:5000/o=example.net?
#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:
#CRLFile "https://ca.example.com:1025/getCRL?op=
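
An added example, not part of mod_revocator or of the original man page: a Python check that reads the active CRLFile lines of a revocator.conf-style file, splits the protocol://urldata;update_interval;max_age fields, and confirms that the helper named in an exec:// entry is executable, which catches a configuration still pointing at the pre-1.0.3-16 /usr/bin/ldapget path. The function names, the sample entries, and the choice to treat the last two ;-separated fields as the intervals are assumptions of this example.

```python
import os
import re
# An active (uncommented) directive: CRLFile "<value>"
CRLFILE_RE = re.compile(r'^\s*CRLFile\s+"([^"]+)"\s*$')

def _is_executable(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)

def parse_crlfile(value):
    """Split protocol://urldata;update_interval;max_age into its fields."""
    # Assumption of this example: the two trailing ';' fields are the intervals,
    # so split from the right; an LDAP option such as ';binary' stays in the URL.
    url, interval, max_age = value.rsplit(";", 2)
    entry = {"url": url, "helper": None,
             "update_interval": int(interval), "max_age": int(max_age)}
    if url.startswith("exec://"):
        # exec://<helper path>|<url>, the form shown in the page's sample entry
        helper, _, target = url[len("exec://"):].partition("|")
        entry["helper"], entry["url"] = helper, target
    entry["scheme"] = entry["url"].split("://", 1)[0].lower()
    return entry

def audit(conf_text, is_executable=_is_executable):
    """Return (entries, problems) for the active CRLFile lines in conf_text."""
    entries, problems = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = CRLFILE_RE.match(line)
        if not m:
            continue  # comments, blank lines, other directives
        try:
            entry = parse_crlfile(m.group(1))
        except ValueError:
            problems.append((lineno, "expected url;update_interval;max_age"))
            continue
        entries.append(entry)
        if entry["helper"] and not is_executable(entry["helper"]):
            problems.append((lineno, "helper not executable: " + entry["helper"]))
    return entries, problems

# Constructed sample entries, not the truncated ones from revocator.conf above.
SAMPLE = '''\
#CRLFile "https://ca.example.com:1025/crl;5;10"
CRLFile "exec:///usr/bin/ldapget|ldaps://ldap.example.com:636/cn=ca,o=example?certificateRevocationList;binary;15;24"
CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:5000/cn=ca,o=example?certificateRevocationList;15"
'''

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```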


Report bugs to http://bugzilla.redhat.com.


Rob Crittenden <rcritten@redhat.com>.


Jul 3 2013 Rob Crittenden