search for: x500uniqueidentifier

Dear dovecot experts: We are using client certificates to authenthicate against a Dovecot server. Our certificates contain a x500UniqueIdentifier. I'm absolutely sure that the value of the x500UniqueIdentifier was stored into the AUTH_USER when I tested my setup last year. This has somehow changed and now AUTH_USER always contains the username. This has fatal consequences as now every owner of a valid certificate can logon as any user....

Hi, please have a look at the attached patch for dovecot-1.0.3 These patch modifies ssl_proxy_get_peer_name() to use the NID_x500UniqueIdentifier as username instead of NID_commonName. The reason is, that the Common Name doesn't have to be unique for the whole mailserver. Example; in germany a lot of people got the first name "Andreas" and the last name "Schulz". Therefore a lot of certificates exists with subjects...

...done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a x500uniqueidentifier. But some users are using certificates from a german trust center and these certificates do not contain a x500uniqueIdentifier nor something similar. I would like to map these certificates to user accounts and my first idea was to do so from my checkpassword programm. But how do I find out the c...

...limit = 2048 protocols = imap listen = * base_dir = /var/dovecot/ mail_location = maildir:/mail/%u:LAYOUT=fs ssl_cert = </etc/ssl/certs/naev+chain.crt ssl_key = </etc/ssl/private/naev.key ssl_ca = </etc/ssl/certs/naev-ca.crt ssl_verify_client_cert = yes ssl_cert_username_field = x500UniqueIdentifier auth_ssl_username_from_cert = yes service imap-login { inet_listener imap { port = 0 } } service auth { client_limit = 4096 } service anvil { client_limit = 5000 } passdb { driver = checkpassword args = /usr/dovecot/bin/checkpassword } userdb { driver = passwd ov...

...he matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) #ssl_ca = # Request client to send a certificate. If you also want to require it, set # auth_ssl_require_client_cert=yes in auth section. #ssl_verify_client_cert = no # Which field from certificate to use for username. commonName and # x500UniqueIdentifier are the usual choices. You'll also need to set # auth_ssl_username_from_cert=yes. #ssl_cert_username_field = commonName # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration # entirely. #ssl_parameters_r...

...netscapemailserver objectClass: nsmailclient objectClass: ntuser objectClass: sambaSamAccount objectClass: proxyaccess objectClass: jabberaccess uid: kenneth.oncinian preferredLanguage: en cn: Kenneth Oncinian homeDirectory: /var/mail/vhost/kenneth.oncinian ou: Information Systems Department (ISD) x500UniqueIdentifier: mailAlternateAddress: koncinian at gmail.com ntUserDomainId: kenneth.oncinian ntUserCreateNewAccount: true ntUserDeleteAccount: true sambaSID: S-1-5-21-1685363153-499155089-1962420841-3000 sambaPrimaryGroupSID: S-1-5-21-1685363153-499155089-1962420841-3001 displayName: Kenneth Oncinian sambaPwdMus...

...ain the # CA-certificate(s) followed by the matching CRL(s). #ssl_ca_file = # Request client to send a certificate. If you also want to require it, set # ssl_require_client_cert=yes in auth section. #ssl_verify_client_cert = no # Which field from certificate to use for username. commonName and # x500UniqueIdentifier are the usual choices. You'll also need to set # ssl_username_from_cert=yes. #ssl_cert_username_field = commonName # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration # entirely. #ssl_parameters_regene...

Hi everybody, I made a pretty complete howto for samba on debian servers. This howto covers samba + ldap + cups + recycle bin + samba-vscan + phpldapadmin + ACL + Extended Attributes. this howto is also based on the idealx howto If you do this setup, you should be able to use the NT4 Usermanager, setup Point en Print Printing. set rights from explorer etc. other nice tools is ldapadmin (