ldapget [NSS database] <url>
A tool supplied with the Apache httpd mod_revocator plug-in used to demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of any direct LDAP/LDAPS URLs.
The mod_revocator plug-in requires the mod_nss plug-in to also be registered with this Apache httpd process.
Prior to mod_revocator-1.0.3-16, this tool was located at /usr/bin/ldapget.
- [NSS database]
Optionally specifies the destination directory where the NSS databases reside. If this parameter is not provided, the location specified in mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file will be utilized:
# Server Certificate Database: # The NSS security database directory that holds the # certificates and keys. The database consists # of 3 files: cert8.db, key3.db and secmod.db. # Provide the directory that these files exist. NSSCertificateDatabase /etc/httpd/alias
The LDAP/LDAPS URL utilized to fetch the CRL. The following entry in mod_revocator plug-in's /etc/httpd/conf.d/revocator.conf configuration file contains a sample utilization of this executable (the line containing ldapget must be uncommented in order to be utilized):
# CRL URLs: # A space delimited list of URLs to retrieve and install. # protocol://urldata;update_interval;max_age #CRLFile "ldap://ldap.example.com:5000/o=example.net? usercertificate%3binary?sub?(sn=Jensen)??;30;30" #CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com: 3389/o=example.com?userCertificate%3bbinary?sub? (uid=crl)??;30;30" #CRLFile "https://ca.example.com:1025/getCRL?op= getCRL&issuepoint=MasterCRL;30;30"
Report bugs to http://bugzilla.redhat.com.
Rob Crittenden <firstname.lastname@example.org>.
Copyright (c) 2013 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.