다음 예에서는 LDAP 디렉토리에서 CA 인증서와 공개 키 및 해당 인증서를 검색하는 것을 보여 줍니다.
다음 예에서 -b 옵션에 정의된 기본 DN cn=SMIME admin, ou=people,o=demo.siroe.com,o=demo objectclass=*는 LDAP 디렉토리에 있는 하나의 CA 인증서를 설명합니다. 디렉토리에서 찾는 경우 ldapsearch는 인증서에 대한 정보를 ca-cert.lidf 파일에 반환합니다.
# ldapsearch -L -h demo.siroe.com -D "cn=Directory Manager" -w mypasswd -b "cn=SMIME admin, ou=people,o=demo.siroe.com,o=demo" "objectclass=*" > ca-cert.ldif |
아래 예에서는 ca-cert.ldif 파일의 검색 결과를 보여 줍니다. 파일 내용의 형식은 ldapsearch의 -L 옵션을 사용한 결과입니다.
# more ca-cert.ldif dn: cn=SMIME admin,ou=people,o=demo.siroe.com,o=demo objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: certificationAuthority cn: RootCACerts cn: SMIME admin sn: CA authorityRevocationList: novalue certificateRevocationList: novalue cacertificate;binary:: MFU01JTUUxEjAQBgNVBAsTCU1zZNlcnZlcjcMBoGA1UEAxMTydG QGEwJVEOMAwGA1UEChMFU0UUxEjAQBgNVBAsTCU1zZ1NlcnZlcjEcMBoGA1UEAxMTQ2VydG aFw0jAxMTIwODAwMDBaM267X9FExCzAJBgwyrjgNVBAk9STklBMQwwCgYDVQQVHR8EgaQwg YlVzMRMwEQYDVQQIEwpDQUx9STklBMQwwCgYDVQQKEwww3ltgoOYz11lzAdBgNVBpYSE9Vc 5yQuaddiiWlm899XBsYW5ljb20wgZ8wDQYJoGBAK1mUTy8vvO2nOFg4mlHjkghytQUR1k8l 5mcWRfL77ntm5mGXRD3XMciUq6zUfIg3ngvxlLKLyERTIqjUS8HQU4R5pvj+rrVgsAGjggE +FNAJmqtOV2A3wMyghqkDP3Aqq2BYfkcn4va3C5nRNAYxNNVE84JJ0H3jyPDXhMBlQU6vQn 1NABAAGjggEXMIIBEzglghkgBhvhCAQEEBApqlSai4mfuvjh02SQkoPMNDAgTwMB8GA1UdI QYMAFEd38IK05AHreOYc6v+ENMOwZMIGsBgNVHR8EgaQwgaEwb6BtoGuGaWxkYXA6Lyht74 tpbucmVkLmlwbGFuZY29tL1VJRD1DZXJ0aWZpY2F0ZSBNYW5hZ2VyLE9VPVBlb3BsZSxPPW 1haWYT9jZXJ0aWZpdu2medXRllHjkghytQURYFNrkuoCygKoYoaHR0cDovL3Bla2kghytQU luZyZWQuaXBsYW5ldb20vcGVraW5nLmNybDAeBgNVHREEFzAVgRNwb3J0aWEuc2hhb0BzdW 4uYtMA0GCxLm78Ufre3Pp078jyTaDv2ci1AudBL8+RrRUQvxsMJfZeFED+Uuf10Ilt6kwhm Tc6W5UekbirfEZGAVQIzlt6DQJfgpifGLvtQ60Kw== |
다음 예에서 -b 옵션에 정의된 기본 DN o=demo.siroe.com,o=demo objectclass=*는 LDAP 디렉토리의 기본 DN과 그 아래에서 발견된 모든 공개 키와 인증서를 usergroup.ldif 파일로 반환하도록 합니다.
# ldapsearch -L -h demo.siroe.com -D "cn=Directory Manager" -w mypasswd -b "o=demo.siroe.com,o=demo" "objectclass=*" > usergroup.ldif |
다음 예에서 -b 옵션에 정의된 기본 DN uid=JohnDoe, ou=people,o=demo.siroe.com,o=demo objectclass=*는 LDAP 디렉토리에 있는 하나의 공개 키와 해당 인증서를 설명합니다.
# ldapsearch -L -h demo.siroe.com -D "cn=Directory Manager" -w mypasswd -b "uid=JohnDoe, ou=people,o=demo.siroe.com,o=demo" "objectclass=*" > public-key.ldif |
아래 예는 public-key.ldif 파일의 검색 결과를 보여 줍니다. 파일 내용의 형식은 ldapsearch의 -L 옵션을 사용한 결과입니다.
# more public-key.ldif dn: uid=sdemo1, ou=people, o=demo.siroe.com, o=demo objectClass: top objectClass: person objectClass: organizationalPerson objectClass: siroe-am-managed-person objectClass: inetOrgPerson objectClass: inetUser objectClass: ipUser objectClass: userPresenceProfile objectClass: inetMailUser objectClass: inetLocalMailRecipient objectClass: icsCalendarUser objectClass: sunUCPreferences mail: JohnDoe@demo.siroe.com mailHost: demo.siroe.com . . uid: JohnDoe . . mailUserStatus: active inetUserStatus: active . . usercertificate;binary:: MFU01JTUUxEjAQBgNBAsTCU1zZ1NlcnZjcMBoGA1UEAxMTydG QGEwJEOwGA1UEChMFU01JTUUxEjAQBgNVBAsTCU1zZ1NlcnZlcjEcMBoGA1UEAxMTQ2VydG aFw0MTIwODAwMDBaM267hgbX9FExCzAJBgwyrjgNVBAk9STklBMQwwCgYDVQQVHR8EgaQwg YTAlVEQYDVQQIEwpDQUxJRk9STklBMQwwCgYDVQQKEwww3ltgoOYz11lzAdBgNVBpYSE9Vc 5yZWQdWlm899XBsYW5ldC5jb20wgZ8wDQYJoGBAK1mUTy8vvO2nOFg4mlHjkghytQUR1k8l 5mvgc7ntm5mGXRD3XMU4OciUq6zUfIg3ngvxlLKLyERTIqjUS8HQU4R5pvj+rrVgsAGjggE +FG9NmV2A3wMyghqkVPNDP3Aqq2BYfkcn4va3C5nRNAYxNNVE84JJ0H3jyPDXhMBlQU6vQn 1NAgMAgEXMIIBEzARBglghkgBhvhCAQEEBApqlSai4mfuvjh02SQkoPMNDAgTwMB8GA1UdI QYMBaEdK05AHreiU9OYc6v+ENMOwZMIGsBgNVHR8EgaQwgaEwb6BtoGuGaWxkYXA6Lyht74 tpbucmVkwbGFuZXQuY29tL1VJRD1DZXJ0aWZpY2F0ZSBNYW5hZ2VyLE9VPVBlb3BsZSxPPW 1haxYT9jZaWZpY2jdu2medXRllHjkghytQURYFNrkuoCygKoYoaHR0cDovL3Bla2kghytQU luZyZWQuaYW5ldC5jb20vcGVraW5nLmNybDAeBgNVHREEFzAVgRNwb3J0aWEuc2hhb0BzdW 4u9tMA0GC78UfreCxS3Pp078jyTaDv2ci1AudBL8+RrRUQvxsMJfZeFED+Uuf10Ilt6kwhm Tc6W5UekbirfEZGAVQIzlt6DQJfgpifGLvtQ60Kw== . . |