
ldapu_cert_to_ldap_entry()

Finds the directory entry for the certificate subject.

Syntax
NSAPI_PUBLIC 
int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
      const char *basedn, LDAPMessage **res);
Parameters
This function has the following parameters:
Name Description
cert
Certificate whose subject you want to find. The certificate search function attempts to find the certificate subject's entry in the directory.

If you need to get information about this certificate, you can pass the cert argument to the ldapu_get_cert_*() functions.

ld
Handle to the connection to the directory server.

If you need to access the directory and perform LDAP operations, you can pass this handle as an argument to the ldap_*() functions.

basedn
If the server cannot create a base DN for the certificate subject DN, use this basedn instead to begin the search.

res
Result of the search for directory entries matching the certificate subject. When done with the res argument, you should free the argument by calling the ldap_msgfree(res) function.

Returns
Returns one of the following values:

Description
This function extracts certificate information from a certificate and uses this information to find the entry for the certificate's subject.

Essentially, this function does the following:

  1. Gets the name of the certificate authority (CA) from the certificate.

  2. Finds the settings for that CA in the certmap.conf file. If the CA does not have an entry in the configuration file, the default entry is used.

  3. Calls the certificate mapping function for that CA (see "CertMapFn_t (Mapping Function)").

  4. Passes the resulting base DN and search filter to the certificate search function for that CA (see "CertSearchFn_t (Search Function)").

  5. If the certificate configuration file contains a verifycert on entry, passes the results of the search function to the certificate verification function for that CA (see "CertVerifyFn_t (Verification Function)").

  6. If there is only one matching entry at the end, the mapping is successful.
    If successful, the function returns the result of the LDAP search in the res argument. The first entry in the res argument is the matching user's entry. You can get this entry by calling the ldap_first_entry() function, which is one of the functions in the LDAP API provided with the Netscape Directory SDK.
    For more information on the ldap_first_entry() function, see the Directory SDK Programmer's Guide.
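
The following self-contained model of steps 2 through 6 is an added example, not Netscape's code and not part of the ldaputil API. All type and function names are hypothetical, the directory and configuration data are constructed, and mapping on a mail attribute and verifying against a stored fingerprint are assumptions standing in for the CA's mapping and verification functions. It shows why the final "only one matching entry" rule and the verifycert setting decide which user a certificate authenticates as.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the lookup flow; none of these names are ldaputil API. */
typedef struct { const char *issuer; int verifycert; } ca_conf;
typedef struct { const char *dn, *mail, *cert_fp; } dir_entry;
enum { MAP_OK, MAP_NO_MATCH, MAP_AMBIGUOUS };

/* Constructed sample data: CONF[0] plays the certmap.conf default entry. */
static const ca_conf CONF[] = { {"default", 0}, {"CN=Example CA", 1} };
static const dir_entry DIR[] = {
    {"uid=alice,o=example",  "alice@example.com", "AA11"},
    {"uid=alice2,o=example", "alice@example.com", "BB22"},
    {"uid=bob,o=example",    "bob@example.com",   "CC33"},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Step 2: settings for the issuing CA, falling back to the default entry. */
static const ca_conf *find_conf(const char *issuer) {
    for (size_t i = 1; i < COUNT(CONF); i++)
        if (strcmp(CONF[i].issuer, issuer) == 0) return &CONF[i];
    return &CONF[0];
}

/* Steps 3-6: filter on mail (assumed mapping), optionally verify against the
   stored fingerprint (assumed check), then require exactly one survivor. */
int map_cert(const char *issuer, const char *mail, const char *fp, const char **dn) {
    const ca_conf *conf = find_conf(issuer);
    const char *first = NULL;
    int hits = 0;
    for (size_t i = 0; i < COUNT(DIR); i++) {
        if (strcmp(DIR[i].mail, mail) != 0) continue;
        if (conf->verifycert && strcmp(DIR[i].cert_fp, fp) != 0) continue;
        if (hits++ == 0) first = DIR[i].dn;
    }
    if (dn) *dn = (hits == 1) ? first : NULL;   /* never hand back a DN on failure */
    return hits == 1 ? MAP_OK : hits == 0 ? MAP_NO_MATCH : MAP_AMBIGUOUS;
}

int main(void) {
    const char *dn;
    int rc = map_cert("CN=Example CA", "alice@example.com", "BB22", &dn);
    printf("verifycert on:  rc=%d dn=%s\n", rc, dn ? dn : "(none)");
    rc = map_cert("CN=Other CA", "alice@example.com", "BB22", &dn);
    printf("verifycert off: rc=%d dn=%s\n", rc, dn ? dn : "(none)");
    return 0;
}
```

With the verification step enabled the shared mail address resolves to a single entry; under the default entry the same certificate is ambiguous and the caller gets no DN.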
See Also
CertMapFn_t (Mapping Function), CertSearchFn_t (Search Function), CertVerifyFn_t (Verification Function).




Copyright © 1997 Netscape Communications Corporation