Name                          Date          Size       #Lines   LOC
Makefile                      03-May-2022   2 KiB      70       39
README                        25-Oct-2021   5 KiB      128      110
asn.h                         25-Oct-2021   1.4 KiB    58       40
asn_to_syn_mr.c               25-Oct-2021   17.6 KiB   283      267
authorityKeyIdentifier.asn    25-Oct-2021   2.4 KiB    66       51
authorityKeyIdentifier.c      25-Oct-2021   77.8 KiB   2,059    1,886
authorityKeyIdentifier.h      25-Oct-2021   11.1 KiB   328      187
certificate.asn1              25-Oct-2021   3.6 KiB    176      140
certificate.c                 25-Oct-2021   118 KiB    3,250    2,942
certificate.h                 25-Oct-2021   12.3 KiB   380      213
componentlib.c                25-Oct-2021   68.7 KiB   2,371    1,772
componentlib.h                25-Oct-2021   20.2 KiB   594      411
crl.c                         25-Oct-2021   48.1 KiB   1,295    1,178
crl.h                         25-Oct-2021   11.7 KiB   360      191
init.c                        25-Oct-2021   24.7 KiB   840      643

README

Copyright 2004 Sang Seok Lim, IBM. All rights reserved.

Redistribution and use in source and binary forms, with
or without modification, are permitted only as authorized
by the OpenLDAP Public License.

A copy of this license is available in the file LICENSE in
the top-level directory of the distribution or, alternatively,
at <http://www.OpenLDAP.org/license.html>.

This directory contains a Component Matching module and
an X.509 Certificate example.  In order to understand Component
Matching, see RFC 3687 and
http://www.openldap.org/conf/odd-sandiego-2004/Sangseok.pdf

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
A) Brief introduction to the files in this directory
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

1) init.c
module_init() and functions which are dynamically linked
into the main slapd code.

2) componentlib.c and componentlib.h
GSER and BER decoder library for each primitive ASN.1 type.
They use component representation to store ASN.1 values.

3) certificate.c/.h authorityKeyIdentifier.c/.h
eSNACC-generated BER and GSER decoder routines for the X.509
certificate specification and one of its extensions,
authorityKeyIdentifier.

4) asn_to_syn_mr.c asn.h
A mapping table from ASN.1 types to the corresponding syntaxes,
matching rules, and component descriptions in slapd.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
B) How to use Component Matching on X.509 certificates
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

1) Be sure to configure slapd with --enable-modules on.
2) Install the GSER-support eSNACC compiler. You can find it
only at www.openldap.org. At a minimum, you need the library
(libcasn1.a) and header files to compile this module.
3) Modify the Makefile accordingly, then run make.
You will get compmatch.la and other necessary files in ./libs
4) Modify slapd.conf to include the following module command
	moduleload <path to>compmatch.la
5) Run slapd and perform search operations against
the attribute userCertificate. You need to read through
RFC 3687 in order to understand how to compose component
filters.
Ex) component search filter examples
"(userCertificate:componentFilterMatch:=item:{ component
\"toBeSigned.serialNumber\", rule integerMatch, value 2 })"
You can find more examples in "test031-component-filter"
in the OpenLDAP source directory.

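The filter in step 5 of section B can be composed programmatically so that untrusted values cannot break out of the GSER assertion or the surrounding LDAP filter. This is an added example, not code from OpenLDAP or this module; the function names are hypothetical, and the component reference check accepts only a subset of the RFC 3687 syntax (identifiers, positions and "*").

```python
import re

# Subset of the RFC 3687 ComponentReference grammar (assumption of this sketch):
# dot-separated ASN.1 identifiers, positions (0, n, -n) or "*".
_IDENT = r"[a-z][A-Za-z0-9]*(?:-[A-Za-z0-9]+)*"
_STEP = rf"(?:{_IDENT}|-?[1-9][0-9]*|0|\*)"
_COMPONENT_REF = re.compile(rf"{_STEP}(?:\.{_STEP})*")
# Matching rule given as a short name or a dotted numeric OID.
_RULE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)+")
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def gser_value(value):
    """Encode a Python value as a GSER BOOLEAN, INTEGER or string value."""
    if isinstance(value, bool):
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        # GSER strings are double-quoted; an embedded quote is doubled.
        return '"' + value.replace('"', '""') + '"'
    raise TypeError(f"unsupported value type: {type(value).__name__}")


def item(component, rule, value):
    """Build one ComponentAssertion, rejecting malformed names outright."""
    if not _COMPONENT_REF.fullmatch(component):
        raise ValueError(f"bad component reference: {component!r}")
    if not _RULE.fullmatch(rule):
        raise ValueError(f"bad matching rule: {rule!r}")
    return f'item:{{ component "{component}", rule {rule}, value {gser_value(value)} }}'


def all_of(*filters):
    """Combine component filters with the RFC 3687 'and' choice."""
    return "and:{ " + ", ".join(filters) + " }"


def escape_filter(text):
    """RFC 4515 escaping of the assertion value inside an LDAP filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in text)


def search_filter(attr, component_filter):
    """Wrap a component filter in a componentFilterMatch extensible match."""
    if not _ATTR.fullmatch(attr):
        raise ValueError(f"bad attribute name: {attr!r}")
    return f"({attr}:componentFilterMatch:={escape_filter(component_filter)})"
```

The result is the raw filter string; the backslashes before the quotes in the README example are shell quoting and are not part of the filter itself.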
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
C) How to add a new ASN.1 syntax
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

1) Download and install the eSNACC compiler supporting
Component Matching. You can find the compiler only at
www.openldap.org.  Before compiling, be sure to define
the "LDAP_COMPONENT" macro to obtain the component-supporting
version of the C library and back-ends of eSNACC.
Otherwise the compiled library will fail to link to
the module.
2) Using eSNACC, compile your ASN.1 specifications and
copy the generated .c and .h files to this directory.
Ex)
$ esnacc -E BER_COMP -E GSER -t -d -f example.asn
For Component Matching, set BOTH BER_COMP and GSER on.
After compiling, you will get example.c and example.h
3) Modify example.c accordingly, using certificate.c
and certificate.asn as a reference.
- add init_module_xxx() located in the generated .c file
into init_module() in init.c.
- modify the arguments of InstallOidDecoderMapping(...)
accordingly
- in the generated .c file, you need to write the
"DecComponentxxxTop(...)" function yourself.
You can copy BDecComponentCertificateTop in the
generated .c file and modify it accordingly.
4) Register a new attribute syntax with a new OID
in a schema file.
5) Then go to 3) of section B).

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
D) How to configure Component Indexing
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
You can generate indices on each component of
a given attribute whose values are in either GSER or
BER. Currently primitive ASN.1 types, DN, and RDN
can be indexed for equality matching in BDB.
In order to generate indices, put the following line
in the slapd configuration file, slapd.conf.

index [attribute name].[component reference] eq

Ex)
index userCertificate eq
index userCertificate.toBeSigned.issuer.rdnSequence eq
index userCertificate.toBeSigned.serialNumber eq
index userCertificate.toBeSigned.version eq

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
E) How to configure Attribute Alias
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
If your client is unable to use component filters,
attribute aliasing can be used instead. Attribute
Alias maps a virtual attribute type to an attribute
component and a component matching rule.
You can create your own aliases with the following steps.

1) Register aliasing attributes in the schema file.
Sample aliasing attributes are in test.schema.
2) Compose component filters for aliasing attributes
and put them in the "preprocessed_comp_filter" array
in "init.c".
3) Add "add_aa_entry" function calls in
"init_attribute_aliasing_table()" in "init.c".
4) Perform searches against the aliasing attribute.
Ex)
"(x509CertificateIssuer:distinguishedNameMatch=
cn=ray,L=yorktown,o=ibm,c=us)"