此範例展示了將郵件使用者的公開金鑰和憑證增加至 LDAP 目錄。假設 LDAP 目錄中已經存在該郵件使用者。將金鑰和憑證及其所屬的 LDAP 項目輸入名為 add-public-cert.ldif 的 . .ldif 檔案中。除金鑰和憑證資訊必須以 Base64 編碼文字輸入該檔案外,所有文字都必須以 ASCII 文字輸入。
dn: uid=JohnDoe,ou=People, o=demo.siroe.com,o=demo changetype: modify replace: usercertificate usercertificate;binary:: MFU01JTUUxEjAQBgNVBAsT1zZ1NlcnZlcjMBoGA1UEAxMTydG QGEwJVUzEAwGA1hMFU01JTUUxEjAQBgNVBAsTCU1zZ1NlcnZlcjEcMBoGA1UEAxMTQ2VydG aFw0wNjAxMTODAwaM267hgbX9FExCzAJBgwyrjgNVBAk9STklBMQwwCgYDVQQVHR8EgaQwg AlVzMRMwEQYDVQQIDQUxJRk9STklBMQwwCgYDVQQKEwww3ltgoOYz11lzAdBgNVBpYSE9Vc 5yZWaddiiWlm899XBsYW5ldb20wgZ8wDQYJoGBAK1mUTy8vvO2nOFg4mlHjkghytQUR1k8l 5mvgcWL77ntm5mGXRD3XMU4OcizUfIg3ngvxlLKLyERTIqjUS8HQU4R5pvj+rrVgsAGjggE +FG9NAqtOV2A3wMyghqkVPNDP3Aqq2BYfkcn4va3RNAYxNNVE84JJ0H3jyPDXhMBlQU6vQn 1NAgMBGjggEXMIIBEzARBglghkgBhvhCAQEEBApqlSai4mfuvjh02SQMNDAgTwMB8GA1UdI QYMBaEd38IK05AHreiU9OYc6v+ENMOwZMIGsBgNVHR8EgaQwgaEwb6BuGaWxkYXA6Lyht74 tpbmcmVkLmlwbGFuZXQuY29tL1VJRD1DZXJ0aWZpY2F0ZSBNYW5hZ2V9VPVBlb3BsZSxPPW 1haWxT9jZXJ0aWZpY2jdu2medXRllHjkghytQURYFNrkuoCygKoYoaHDovL3Bla2kghytQU luZy5WQuaXBsYW5ldC5jb20vcGVraW5nLmNybDAeBgNVHREEFzAVgRNw0aWEuc2hhb0BzdW 4uY29A0GCxLm78UfreCxS3Pp078jyTaDv2ci1AudBL8+RrRUQvxsMJfZD+Uuf10Ilt6kwhm Tc6W5UekbirfEZGAVQIzlt6DQJfgpifGLvtQ60Kw==
使用 ldapmodify 指令將公開金鑰和憑證增加至 LDAP 目錄︰
# ldapmodify -a -h demo.siroe.com -D "cn=Directory Manager" -w mypasswd -v -f add-public-cert.ldif |
smime.conf 中的 certurl 參數值指定公開金鑰及其憑證在 LDAP 目錄中的位置。範例 2,certurl 設定為︰
certurl==ldap://demo.siroe.com:389/ou=people, o=demo.siroe.com, o=demo?userCertificate;binary?sub?