Bug 100392

Summary: CRL support in LDAP module
Product: [Retired] Stronghold Cross Platform
Reporter: Lorrayne Schaefer <lorrayne>
Component: mod_authz_ldap
Assignee: Joe Orton <jorton>
Status: CLOSED WONTFIX
QA Contact: Stronghold Engineering List <stronghold-eng-list>
Severity: medium
Priority: medium
Version: 4.0
CC: crunge
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2006-09-05 14:07:21 UTC

Description Lorrayne Schaefer 2003-07-21 22:39:36 UTC
Chris Runge asked me to open a formal Request For Enhancement (RFE) in this area for consideration in a future version of the product.

Here's what I'm thinking for CRL support (this is a bit beyond the mod_authz_ldap module, but some of Chris' questions extend to the web server):

* Server periodically fetches the CRL (the times for fetching the CRL are a configurable option in the config file).
* The CRL is cached locally for performance.
* Have a configurable option in the config file that specifies what format the CRL is stored in the directory (default format is DER).
* Provide a configurable CRL grace period that will extend beyond the CRL's NextUpdate in either seconds or minutes. Please make this a long integer.
* Provide support in following the CRL Distribution Point (if present in the End Entity or CA certificate).
* For CRL retrieval, allow support for ldap://, http://, https://, and file://.
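
The caching, refetch and grace-period behaviour requested in the list above, sketched as an added example; it is not Stronghold or mod_authz_ldap code. The names `CachedCrl`, `CrlPolicy`, `fetch_interval` and `grace_seconds` are hypothetical, and answering "unknown" once the grace period has run out is an assumption of this sketch, since the request does not say what should happen then.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Schemes the request lists for CRL retrieval.
ALLOWED_SCHEMES = {"ldap", "http", "https", "file"}

def usable_distribution_points(uris):
    """Keep only CRL Distribution Point URIs whose scheme is on the list."""
    return [u for u in uris if urlsplit(u).scheme.lower() in ALLOWED_SCHEMES]

@dataclass
class CachedCrl:
    # Constructed stand-in for a parsed CRL: only the fields the policy needs.
    next_update: datetime
    fetched_at: datetime
    revoked_serials: set = field(default_factory=set)

@dataclass
class CrlPolicy:
    fetch_interval: timedelta  # hypothetical option: how often to refetch
    grace_seconds: int         # hypothetical option: allowance past NextUpdate

    def needs_fetch(self, crl, now):
        # Refetch on schedule, or as soon as NextUpdate has passed.
        return now - crl.fetched_at >= self.fetch_interval or now >= crl.next_update

    def freshness(self, crl, now):
        if now < crl.next_update:
            return "fresh"
        if now < crl.next_update + timedelta(seconds=self.grace_seconds):
            return "grace"
        return "expired"

    def check(self, crl, serial, now):
        # Assumption: past NextUpdate plus grace the cache is not trusted, so
        # the result is "unknown" and the caller is expected to deny access.
        if self.freshness(crl, now) == "expired":
            return "unknown"
        return "revoked" if serial in crl.revoked_serials else "good"

if __name__ == "__main__":
    t0 = datetime(2003, 7, 21, 12, 0, tzinfo=timezone.utc)  # constructed sample
    crl = CachedCrl(t0 + timedelta(hours=24), t0, {0x1A2B})
    policy = CrlPolicy(timedelta(hours=6), grace_seconds=3600)
    for hours in (1, 24.5, 26):
        now = t0 + timedelta(hours=hours)
        print(hours, policy.freshness(crl, now), policy.check(crl, 0x1A2B, now))
```

While the state is "grace", a certificate revoked after the cached CRL was issued still checks as "good", so the grace period is also the extra time a newer revocation can go unseen.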

Comment 1 Joe Orton 2006-09-05 14:07:21 UTC
Stronghold 4.0 Cross Platform reached End of Life as of the end of December 2005.

For more information or further options see: 

http://www.redhat.com/software/stronghold/