http://www3.ietf.org/proceedings/03nov/I-D/draft-ietf-pkix-ldap-crl-schema-01.txt
There is an expired draft.. hmm~
But looking at a Japanese site.. it seems to be possible even without any special schema.
# cat crl.ldif
dn: cn=crl, o=example, c=jp
objectclass: top
objectclass: pkiCA
cACertificate;binary:: MIIEAzCCAuugAwIBAgIBATANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJKUDEt...
certificateRevocationList;binary:: MIIBujCBozANBgkqhkiG9w0BAQQFADBeMQswCQYDVQQGEwJKUDEtMCsGA1UEChMk
RGVtb25zdHJhdGlvbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzMSAwHgYDVQQLExdE
RU1PTlNUUkFUSU9OIE1JRERMRSBDQRcNMDIwMjEzMTIwNjUyWhcNMDIwMzE1MTIw
NjUyWjAUMBICAQUXDTAyMDIxMzEyMDYyMVowDQYJKoZIhvcNAQEEBQADggEBAGe6
rqm67X6XBtBcj+vipV6+c1c4QOvgc9Hon6xaZ+OgGSsTk+VdDIWzHxSYkHt/4/AT
opjypLtWk8M5BSRwRZJA26H4DigFIh/8XKIhpug+y8/c8GL/RR9SWnJn//w3+lw/
cZQlSRz+4O5uo1dYylEJF2T2j2W+2CbiSvvRY2+WhlwN51BobFs20OMLyN9ftzHL
JsPbXwzsdB3kl7G1KKKiXsiPQxtZP904XLcytCmwc0Im1CfF3y8vkQl1moUnRjA1
sksFv1QLqZ1IKOEZWFxc+2nJShlSjIleIrv63BrMD6V8//roAV51qAXncVX8Ig3N
PloUAzl7CVcgI6bz8B0=
# ldapadd -x -D "cn=root,o=example,c=jp" -W -f crl.ldif
Enter LDAP Password:
adding new entry "cn=crl, o=example, c=jp"
ldap_add: Object class violation
ldif_record() = 65
OpenLDAP is the one that came with Red Hat 7.2.
slapd.conf is as follows.
# cat /etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args
# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "o=example,c=jp"
rootdn "cn=root,o=example,c=jp"
rootpw test
directory /var/lib/ldap
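The "Object class violation" returned by ldapadd above is slapd rejecting the entry at schema-check time, before anything is written. The following is an added example, not code from the original post or from the Japanese site it quotes: it parses an LDIF entry and applies the same kind of checks slapd does (a structural object class, attributes permitted by the classes, required attributes, the RDN's naming attribute present), using a three-class schema table transcribed from RFC 4523 as an assumption. It flags an entry carrying only top and pkiCA, and accepts the same entry once the structural cRLDistributionPoint class and its cn value are added.

```python
import base64

# Subset of the X.509 LDAP schema (RFC 4523, also in OpenLDAP core.schema), transcribed
# here as an assumption: class name -> (kind, MUST attributes, MAY attributes).
SCHEMA = {
    "top": ("ABSTRACT", {"objectclass"}, set()),
    "pkica": ("AUXILIARY", set(), {"cacertificate", "certificaterevocationlist",
                                   "authorityrevocationlist", "crosscertificatepair"}),
    "crldistributionpoint": ("STRUCTURAL", {"cn"}, {"certificaterevocationlist",
                                                    "authorityrevocationlist",
                                                    "deltarevocationlist"}),
}

def parse_ldif(text):
    """One LDIF entry -> (dn, {lowercase attribute: [values]}); '::' values are decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                  # folded continuation line
        elif raw.strip():
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        name = name.split(";")[0].lower()         # drop options such as ';binary'
        value = base64.b64decode(value[1:]) if value.startswith(":") else value.strip()
        attrs.setdefault(name, []).append(value)
    return attrs.pop("dn")[0], attrs

def check_entry(dn, attrs):
    """Schema violations slapd would reject the entry for; an empty list means OK."""
    classes = [SCHEMA[oc.lower()] for oc in attrs.get("objectclass", [])]
    must = set().union(*(m for _, m, _ in classes))
    allowed = must | set().union(*(o for _, _, o in classes))
    problems = []
    if not any(kind == "STRUCTURAL" for kind, _, _ in classes):
        problems.append("no STRUCTURAL object class")
    problems += [f"attribute '{a}' not allowed by the object classes" for a in attrs if a not in allowed]
    problems += [f"required attribute '{a}' missing" for a in must if a not in attrs]
    rdn_attr = dn.split("=", 1)[0].strip().lower()
    if rdn_attr not in attrs:
        problems.append(f"naming attribute '{rdn_attr}' from the RDN is not in the entry")
    return problems

# Constructed sample modeled on the failing entry (placeholder bytes stand in for the
# real DER CRL), then the same entry with a structural class and its cn value added.
CRL_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-crl").decode()
FAILING = ("dn: cn=crl, o=example, c=jp\nobjectclass: top\nobjectclass: pkiCA\n"
           f"certificateRevocationList;binary:: {CRL_B64}\n")
FIXED = FAILING + "objectclass: cRLDistributionPoint\ncn: crl\n"
```

Run `check_entry(*parse_ldif(FAILING))` to see the two findings for the top+pkiCA entry; the same call on FIXED returns an empty list. The table covers only the three classes used here, so extend it from the server's own schema files before checking other entries.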