<div dir="ltr"><div><div>Greetings, novice at freeradius here. I would like to use the ldap module in Freeradius to check certs against CRLS, nothing special there. What I'm wondering is how, if it is in fact possible, can I take the DN provided by the cert to filter the ldap search done by the module. All I really need to filter on is the CN part of the DirName. Example:<br>
<br>DirName: C = US, O = XXXXXXX, CN = CRLXXX<br><br>There are quite a few CRLs on the ldap server and it seems that having more than one result returned results in an ambiguous search and a subsequent failure. Is what I'm looking to do possible?<br>
<br></div>Somewhat related question about CRLs, in my testing I've run across the error "Different CRL scope". It seems that the CRLs have the UsersOnly flag set, but I can still successfully verify that a revoked certificate that fails in this fashion is indeed revoked by using openssl verify. My suspicion is that openssl verify doesn't care about scope, but I haven't found anything that says one or the other.<br>
<br></div><div>I'm running freeradius 2.1.12 from the debian wheezy repo, openssl 1.0.1e from the same, if this is relevant.<br></div><div><br></div>Regards,<br>Joacim Kosonen <br></div>