3 Jul
2010
3 Jul
'10
11:07 a.m.
RV> but if I wanted to extract the emailAddress or CN field from the RV> X509 certificate and authorize it against my LDAP tree AdK> The limitation isn't the users file. AdK> It's that extracting the fields from the certificate is hard. I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from the user certificate in order to check it against User-Name (or whatever). Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name for an extracted CN for whatever additional lookup you need. Or am I getting it wrong?