ldapget(8) [centos man page]
ldapget(8) ldapget(8) NAME
ldapget - Tool used to fetch URLs via LDAP/LDAPS SYNOPSIS
ldapget [NSS database] <url> DESCRIPTION
A tool supplied with the Apache httpd mod_revocator plug-in used to demonstrate how CRLs can be fetched using LDAP/LDAPS without the use of any direct LDAP/LDAPS URLs. The mod_revocator plug-in requires the mod_nss plug-in to also be registered with this Apache httpd process. Prior to mod_revocator-1.0.3-16, this tool was located at /usr/bin/ldapget. OPTIONS
[NSS database] Optionally specifies the destination directory where the NSS databases reside. If this parameter is not provided, the location specified in mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file will be utilized: # Server Certificate Database: # The NSS security database directory that holds the # certificates and keys. The database consists # of 3 files: cert8.db, key3.db and secmod.db. # Provide the directory that these files exist. NSSCertificateDatabase /etc/httpd/alias <url> The LDAP/LDAPS URL utilized to fetch the CRL. The following entry in mod_revocator plug-in's /etc/httpd/conf.d/revocator.conf con- figuration file contains a sample utilization of this executable (the line containing ldapget must be uncommented in order to be utilized): # CRL URLs: # A space delimited list of URLs to retrieve and install. # protocol://urldata;update_interval;max_age #CRLFile "ldap://ldap.example.com:5000/o=example.net? usercertificate%3binary?sub?(sn=Jensen)??;30;30" #CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com: 3389/o=example.com?userCertificate%3bbinary?sub? (uid=crl)??;30;30" #CRLFile "https://ca.example.com:1025/getCRL?op= getCRL&issuepoint=MasterCRL;30;30" BUGS
Report bugs to http://bugzilla.redhat.com. AUTHORS
Rob Crittenden <rcritten@redhat.com>. COPYRIGHT
Copyright (c) 2013 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITH- OUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Rob Crittenden Jul 3 2013 ldapget(8)
Check Out this Related Man Page
crlhelper(8) crlhelper(8) NAME
crlhelper - Helper program used to store-and-forward CRLs SYNOPSIS
crlhelper <semid> <parentpid> <directory> [prefix] DESCRIPTION
A helper program used by the Apache httpd mod_revocator plug-in to store-and-forward CRLs from upstream to the various Apache processes in the preform MPM. This saves each process from having to fetch the CRL itself. This is not expected to be run by end-users. The mod_revocator plug-in requires the mod_nss plug-in to also be registered with this Apache httpd process. Whenever an Apache httpd process configured to use the mod_revocator plug-in is started, this program will be automatically invoked via reference to the mod_revocator configuration file stored under /etc/httpd/conf.d/revocator.conf which contains the following default entry: # CRL Helper: # This helper program does the actual CRL retrieval # # NOTE: Located at '/usr/bin/crlhelper' prior # to 'mod_revocator-1.0.3-16'. # CRLHelper /usr/libexec/crlhelper OPTIONS
<semid> The semaphore which corresponds to the mod_revocator plug-in registered with the Apache httpd process during startup. <parentpid> The primary parent pid of the Apache httpd process into which both the mod_nss and mod_revocator plug-ins have been loaded. <directory> Since the mod_revocator plug-in depends upon the mod_nss plug-in being configured, this option specifies the destination directory of the NSS databases that will be associated with this executable specified by the following entry in the mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file: # Server Certificate Database: # The NSS security database directory that holds the # certificates and keys. The database consists # of 3 files: cert8.db, key3.db and secmod.db. # Provide the directory that these files exist. NSSCertificateDatabase /etc/httpd/alias [prefix] Optional prefix to attach prior to the names of the NSS certificate and key databases contained in the directory referenced by the previous argument and specified by the following entry in mod_nss plug-in's /etc/httpd/conf.d/nss.conf configuration file (must be uncommented in order to be utilized): # Database Prefix: # In order to be able to store multiple NSS databases # in one directory they need unique names. This option # sets the database prefix used for cert8.db and key3.db. #NSSDBPrefix my-prefix- BUGS
Report bugs to http://bugzilla.redhat.com. AUTHORS
Rob Crittenden <rcritten@redhat.com>. COPYRIGHT
Copyright (c) 2013 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITH- OUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Rob Crittenden Jul 3 2013 crlhelper(8)