LDAP CertStore Provider

The LDAP CertStore Provider implements a CertStore by querying an LDAP server whose schema follows RFC 2587. Note that the Directory Provider, which accesses LDAP in a more general way, can also be used to implement a CertStore. The LDAP CertStore Provider is offered for those who need the extra configuration options exposed by the Bouncy Castle LDAP CertStore. These options give some flexibility to deviate slightly from RFC 2587 (for example, a directory that stores subject information in ou rather than cn) while keeping the same working principles.

One difference between the LDAP CertStore Provider and the Directory Provider is that the Base DN is a separate property rather than being bundled into the URL.

When the Search For Serial Number In property is not null, the serial number of the certificate is searched for in that LDAP attribute. The remaining properties let you give alternate names for the LDAP attributes the LDAP CertStore queries and for the subject (or CRL issuer) attributes whose values drive the search. Whatever a lookup returns is still untrusted input: the CertStore only locates candidate certificates and CRLs in the directory, and their signatures and chaining are checked by the certificate path validation that uses the store.

Property (* = required) and Description

Name *
    The name of the LDAP CertStore definition to add.

Description
    A brief description of the use of this LDAP CertStore.

URL *
    URL of the LDAP directory. LDAP URLs have the form ldap://host[:port].

Base DN
    Base DN under which the directory is searched. Unlike the Directory Provider, it is not part of the URL.

Search For Serial Number In
    If not null, the serial number of the certificate is searched for in this LDAP attribute.

User Certificate Attribute
    LDAP attribute name(s) in which end-entity certificates are stored. Multiple names are separated by spaces. Defaults to userCertificate.

CA Certificate Attribute
    LDAP attribute name(s) in which CA certificates are stored. Multiple names are separated by spaces. Defaults to cACertificate.

Cross-Certificate Attribute
    LDAP attribute name(s) in which cross-certificates are stored. Multiple names are separated by spaces. Defaults to crossCertificatePair.

Certificate Revocation List Attribute
    LDAP attribute name(s) in which CRLs are stored. Multiple names are separated by spaces. Defaults to certificateRevocationList.

LDAP User Certificate Attribute Name
    LDAP attribute name(s) that are searched for the value of the subject attribute given by User Certificate Subject Attribute Name. For example, if cn holds the subject information for end-entity certificates, specify cn. Defaults to cn.

LDAP CA Certificate Attribute Name
    LDAP attribute name(s) that are searched for the value of the subject attribute given by CA Certificate Subject Attribute Name. For example, if ou holds the subject information for CA certificates, specify ou. Defaults to cn ou o.

LDAP Cross-Certificate Attribute Name
    LDAP attribute name(s) that are searched for the value of the subject attribute given by Cross-Certificate Subject Attribute Name. For example, if o holds the subject information for cross-certificates, specify o. Defaults to cn ou o.

LDAP Certificate Revocation List Attribute Name
    LDAP attribute name(s) that are searched for the value of the issuer attribute given by Certificate Revocation List Issuer Attribute Name. For example, if ou holds the issuer information for CRLs, specify ou. Defaults to cn ou o.

User Certificate Subject Attribute Name
    Attribute(s) of the certificate subject whose value is searched for in the attribute(s) named by LDAP User Certificate Attribute Name. For example, the cn attribute of the DN could be used. Defaults to cn.

CA Certificate Subject Attribute Name
    Attribute(s) of the certificate subject whose value is searched for in the attribute(s) named by LDAP CA Certificate Attribute Name. For example, the ou attribute of the DN could be used. Defaults to o ou.

Cross-Certificate Subject Attribute Name
    Attribute(s) of the cross-certificate subject whose value is searched for in the attribute(s) named by LDAP Cross-Certificate Attribute Name. For example, the o attribute of the DN may be appropriate. Defaults to o ou.

Certificate Revocation List Issuer Attribute Name
    Attribute(s) of the CRL issuer whose value is searched for in the attribute(s) named by LDAP Certificate Revocation List Attribute Name. For example, the o or ou attribute may be used. Defaults to o ou.
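The three groups of properties are easier to follow when you see how they combine into one directory search: the subject (or CRL issuer) attribute names pick values out of the certificate's DN, each value is matched against each configured LDAP attribute name, and the certificate attribute names say which entry attributes are read back. The Python model below is added here as an illustration; it is not iWay's or Bouncy Castle's code, the exact filter layout is this model's assumption, and the configuration and DNs are constructed samples. Defaults mirror the property table.

```python
# Added illustration, not iWay's or Bouncy Castle's code: a simplified model
# of how the property values above turn a certificate subject (or a CRL
# issuer, or a serial number) into one LDAP search. Defaults mirror the
# property table; the OR-ed filter layout is an assumption of this model.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LdapCertStoreConfig:
    """Property values from the table, with the documented defaults."""
    base_dn: str
    search_for_serial_number_in: Optional[str] = None
    user_certificate_attribute: str = "userCertificate"
    ca_certificate_attribute: str = "cACertificate"
    cross_certificate_attribute: str = "crossCertificatePair"
    crl_attribute: str = "certificateRevocationList"
    ldap_user_certificate_attribute_name: str = "cn"
    ldap_ca_certificate_attribute_name: str = "cn ou o"
    ldap_cross_certificate_attribute_name: str = "cn ou o"
    ldap_crl_attribute_name: str = "cn ou o"
    user_certificate_subject_attribute_name: str = "cn"
    ca_certificate_subject_attribute_name: str = "o ou"
    cross_certificate_subject_attribute_name: str = "o ou"
    crl_issuer_attribute_name: str = "o ou"


def ldap_escape(value: str) -> str:
    """RFC 4515 escaping for a filter assertion value. The value comes out
    of a certificate, so it must never be able to change the filter's
    structure (a CN such as '*)(objectClass=*' would otherwise widen it)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an RFC 4514 string DN into (attribute, value) pairs.
    Handles escaped commas and multi-valued RDNs joined with '+'."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        for ava in re.split(r"(?<!\\)\+", rdn):
            attr, _, value = ava.partition("=")
            pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return pairs


def build_search(cfg: LdapCertStoreConfig, kind: str, dn: str,
                 serial: Optional[str] = None) -> Tuple[str, List[str]]:
    """Return (ldap_filter, requested_attributes) for one lookup.

    kind is 'user', 'ca', 'cross' or 'crl'; dn is the certificate subject
    (or the CRL issuer for 'crl'); serial is the serial number in whatever
    form the directory stores it, used only when Search For Serial Number
    In is set.
    """
    table = {
        "user": (cfg.user_certificate_attribute,
                 cfg.ldap_user_certificate_attribute_name,
                 cfg.user_certificate_subject_attribute_name),
        "ca": (cfg.ca_certificate_attribute,
               cfg.ldap_ca_certificate_attribute_name,
               cfg.ca_certificate_subject_attribute_name),
        "cross": (cfg.cross_certificate_attribute,
                  cfg.ldap_cross_certificate_attribute_name,
                  cfg.cross_certificate_subject_attribute_name),
        "crl": (cfg.crl_attribute,
                cfg.ldap_crl_attribute_name,
                cfg.crl_issuer_attribute_name),
    }
    store_attrs, ldap_names, dn_names = table[kind]

    if serial is not None and cfg.search_for_serial_number_in and kind != "crl":
        # Serial-number lookup: one equality match on the configured attribute.
        filt = "(%s=%s)" % (cfg.search_for_serial_number_in, ldap_escape(serial))
        return filt, store_attrs.split()

    # Subject-based lookup: every configured DN attribute value is tried
    # against every configured LDAP attribute name, OR-ed together.
    wanted = set(dn_names.lower().split())
    values = [v for a, v in parse_dn(dn) if a in wanted]
    if not values:
        raise ValueError("DN %r has none of the attributes %s" % (dn, sorted(wanted)))
    clauses = ["(%s=%s)" % (name, ldap_escape(v))
               for v in values for name in ldap_names.split()]
    filt = clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)
    return filt, store_attrs.split()


if __name__ == "__main__":
    cfg = LdapCertStoreConfig(base_dn="dc=example,dc=com")  # constructed sample
    print(build_search(cfg, "user", "CN=Alice,OU=Eng,O=Example"))
    print(build_search(cfg, "ca", "CN=Example CA,OU=PKI,O=Example"))
    print(build_search(cfg, "user", "CN=*)(objectClass=*,O=Example"))
```

With the defaults, an end-entity lookup for CN=Alice,OU=Eng,O=Example becomes a single (cn=Alice) match reading userCertificate, while a CA lookup tries both the o and ou values against cn, ou and o, which is why the CA and cross-certificate defaults are wider than the end-entity ones. Two points matter in practice: the DN values originate in a certificate that may have been issued by another organisation (cross-certificates in particular), so they must be escaped before they reach the filter; and a match in the directory is only a candidate, not a trust decision, until path validation verifies it.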


iWay Software