
Feature Request: Publish certificates to LDAP

Open amaccuish opened this issue 7 years ago • 7 comments

If the user is authenticated via LDAP, it would be useful to publish the newly created certificate to the corresponding certificate attribute in Active Directory.

amaccuish avatar Oct 20 '17 15:10 amaccuish

Hello, could you please describe a use case for this? How do you imagine receiving CSRs in that case?

laurivosandi avatar Dec 27 '17 14:12 laurivosandi

The normal request process would apply, but it's useful so users can look up certificates in Outlook for S/MIME etc.

amaccuish avatar Feb 23 '18 16:02 amaccuish

So you're saying you want to publish certificates issued to a particular user under the userCertificate attribute?

laurivosandi avatar Feb 23 '18 21:02 laurivosandi

Yes. So if someone authenticated using LDAP or Kerberos, we can find them in LDAP and at the time of issuance store the public key in LDAP, usually overwriting anything that's there.

amaccuish avatar Feb 23 '18 21:02 amaccuish

This should be doable with one constraint - Certidude should not remove other certificates issued by some other CA. I currently have Estonian ID-card certificates attached to the user, for example, so issuing another certificate from Certidude should not break that.

laurivosandi avatar Feb 25 '18 19:02 laurivosandi

I have the exact same. My personal account has both an Estonian ID-card certificate and an internal CA-signed cert.

amaccuish avatar Feb 25 '18 19:02 amaccuish

Maybe include some logic to replace only certificates issued by itself?

amaccuish avatar Feb 25 '18 19:02 amaccuish
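
The merge rule the last comments arrive at (keep certificates from other CAs, replace only those issued by this CA), as an added example that is not part of the issue thread or Certidude's code. All function names and the certificate skeletons are constructed for illustration, and issuer matching here is a byte-for-byte comparison of the DER-encoded issuer Name, which is a simplifying assumption.

```python
def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_der(cert):
    """Raw DER bytes of the issuer Name inside Certificate -> tbsCertificate."""
    _, pos, _ = read_tlv(cert, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)    # [0] version, or serialNumber if absent
    if tag == 0xA0:
        _, _, end = read_tlv(cert, end)  # serialNumber follows the version
    _, _, start = read_tlv(cert, end)    # skip signature AlgorithmIdentifier
    tag, _, stop = read_tlv(cert, start) # issuer Name
    if tag != 0x30:
        raise ValueError("issuer is not a SEQUENCE")
    return cert[start:stop]

def merge_user_certificates(existing, new_cert, ca_subject):
    """Drop values issued by ca_subject, keep everything else, append new_cert."""
    kept = []
    for cert in existing:
        try:
            ours = issuer_der(cert) == ca_subject
        except (ValueError, IndexError):
            ours = False  # unparseable value: not provably ours, so leave it alone
        if not ours:
            kept.append(cert)
    return kept + [new_cert]

# --- constructed sample data: structural skeletons, not real signed certificates ---
def tlv(tag, content):
    return bytes([tag, len(content)]) + content  # short-form lengths only

def name(cn):
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def skeleton_cert(issuer_cn, serial):
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + tlv(0x30, b"") + name(issuer_cn)
    return tlv(0x30, tlv(0x30, tbs))

OUR_CA = name("Constructed Internal CA")
EXISTING = [skeleton_cert("Constructed ID-card CA", 1), skeleton_cert("Constructed Internal CA", 2)]
NEW_CERT = skeleton_cert("Constructed Internal CA", 3)
```

The returned list is meant to be written back as the complete value set of the user's userCertificate attribute in a single replace, so the third-party certificate is never absent from the entry.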