1ldapget(8)                                                          ldapget(8)
2
3
4

NAME

6       ldapget - Tool used to fetch URLs via LDAP/LDAPS
7
8

SYNOPSIS

10       ldapget [NSS database] <url>
11
12

DESCRIPTION

14       A  tool  supplied  with  the Apache httpd mod_revocator plug-in used to
15       demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of
16       any direct LDAP/LDAPS URLs.
17
18       The  mod_revocator plug-in requires the mod_nss plug-in to also be reg‐
19       istered with this Apache httpd process.
20
21       Prior   to   mod_revocator-1.0.3-16,   this   tool   was   located   at
22       /usr/bin/ldapget.
23
24

OPTIONS

26       [NSS database]
27              Optionally  specifies  the  destination  directory where the NSS
28              databases reside.  If this parameter is not provided, the  loca‐
29              tion  specified  in mod_nss plug-in's /etc/httpd/conf.d/nss.conf
30              configuration file will be utilized:
31
32                  #   Server Certificate Database:
33                  #   The NSS security database directory that holds the
34                  #   certificates and keys. The database consists
35                  #   of 3 files: cert8.db, key3.db and secmod.db.
36                  #   Provide the directory that these files exist.
37                  NSSCertificateDatabase /etc/httpd/alias
38
39       <url>
40              The LDAP/LDAPS URL utilized to fetch  the  CRL.   The  following
41              entry   in   mod_revocator  plug-in's  /etc/httpd/conf.d/revoca‐
42              tor.conf configuration file contains  a  sample  utilization  of
43              this executable (the line containing ldapget must be uncommented
44              in order to be utilized):
45
46                  #   CRL URLs:
47                  #   A space delimited list of URLs to retrieve and install.
48                  #        protocol://urldata;update_interval;max_age
49                  #CRLFile "ldap://ldap.example.com:5000/o=example.net?
50                  usercertificate%3binary?sub?(sn=Jensen)??;30;30"
51                  #CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:
52                  3389/o=example.com?userCertificate%3bbinary?sub?
53                  (uid=crl)??;30;30"
54                  #CRLFile "https://ca.example.com:1025/getCRL?op=
55                  getCRL&issuepoint=MasterCRL;30;30"
56
57

BUGS

59       Report bugs to http://bugzilla.redhat.com.
60
61

AUTHORS

63       Rob Crittenden <rcritten@redhat.com>.
64
65
67       Copyright (c) 2013 Red Hat, Inc. This  is  licensed  under  the  Apache
68       License,  Version  2.0 (the "License"); no one may use this file except
69       in compliance with the License. A copy of this license is available  at
70       http://www.apache.org/licenses/LICENSE-2.0.
71
72       Unless  required  by  applicable  law or agreed to in writing, software
73       distributed under the License is distributed on an "AS IS" BASIS, WITH‐
74       OUT  WARRANTIES  OR  CONDITIONS OF ANY KIND, either express or implied.
75       See the License for the specific  language  governing  permissions  and
76       limitations under the License.
77
78
79
80Rob Crittenden                    Jul 3 2013                        ldapget(8)
Impressum