ldapget man page

ldapget — Tool used to fetch URLs via LDAP/LDAPS

Synopsis

ldapget [NSS database] <url>

Description

A tool supplied with the Apache httpd mod_revocator plug-in used to demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of any direct LDAP/LDAPS URLs.

The mod_revocator plug-in requires the mod_nss plug-in to also be registered with this Apache httpd process.

Prior to mod_revocator-1.0.3-16, this tool was located at /usr/bin/ldapget.

Options

[NSS database]

Optionally specifies the directory where the NSS databases reside. If this parameter is not provided, the location specified in the mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file is used:

# Server Certificate Database:
# The NSS security database directory that holds the
# certificates and keys. The database consists
# of 3 files: cert8.db, key3.db and secmod.db.
# Provide the directory that these files exist.
NSSCertificateDatabase /etc/httpd/alias

<url>

The LDAP/LDAPS URL used to fetch the CRL. The following entry in the mod_revocator plug-in's /etc/httpd/conf.d/revocator.conf configuration file contains a sample use of this executable (the line containing ldapget must be uncommented before it takes effect):

# CRL URLs:
# A space delimited list of URLs to retrieve and install.
# protocol://urldata;update_interval;max_age
#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
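
The following is an added example, not part of mod_revocator or of this man page: a small Python audit of CRLFile directives laid out as in the sample above. It assumes each entry is a double-quoted string, that an exec entry separates the helper path from its URL argument with '|', and that ';' only delimits the two trailing numeric fields; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed input modelled on the commented samples in revocator.conf.
SAMPLE_CONF = '''\
# CRL URLs:
#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
CRLFile "exec:///usr/bin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
CRLFile "exec:///usr/sbin/ldapget|ldaps://ldap.example.com:636/o=example.com?userCertificate;binary?sub?(uid=crl)??;30;60"
'''

def parse_entry(entry):
    """Split 'protocol://urldata;update_interval;max_age' from the right,
    so a stray ';' inside the URL cannot shift the two numeric fields."""
    urldata, interval, max_age = entry.rsplit(";", 2)
    scheme, _, rest = urldata.partition("://")
    helper, url = None, urldata
    if scheme == "exec":
        # Assumed layout exec://<helper>|<argument>, as in the ldapget sample line
        helper, _, url = rest.partition("|")
    return {"helper": helper, "url": url,
            "update_interval": int(interval), "max_age": int(max_age)}

def audit(conf_text):
    """Return (entry, notes) for every uncommented CRLFile directive."""
    results = []
    for line in conf_text.splitlines():
        if not re.match(r"\s*CRLFile\s", line):
            continue  # skips comments, including commented-out CRLFile lines
        for raw in re.findall(r'"([^"]*)"', line):
            entry, notes = parse_entry(raw), []
            if entry["helper"] == "/usr/bin/ldapget":
                notes.append("helper at pre-1.0.3-16 location")
            if entry["url"].startswith("ldap://"):
                notes.append("plain LDAP transport")
            if ";" in entry["url"]:
                notes.append("unescaped ';' in URL (samples use %3b)")
            results.append((entry, notes))
    return results

if __name__ == "__main__":
    for entry, notes in audit(SAMPLE_CONF):
        print(entry["url"], entry["update_interval"], entry["max_age"], notes)
```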

Bugs

Report bugs to http://bugzilla.redhat.com.

Authors

Rob Crittenden <rcritten@redhat.com>.

Info

Jul 3 2013 Rob Crittenden