authord3llf <d3llf@hackerspace.pl>2017-02-05 12:53:47 +0100
committerd3llf <d3llf@hackerspace.pl>2017-02-05 12:53:47 +0100
commitf5c69eaf0b7359d0ce9be655d9fdce9212b57352 (patch)
treef474efad427c9aae663514d3558de02d6b693184 /design/hs_pki_ldap
Init commit: stub README; RFI for hs_pki_uc needed
Diffstat (limited to 'design/hs_pki_ldap')
-rw-r--r--design/hs_pki_ldap40
1 files changed, 40 insertions, 0 deletions
diff --git a/design/hs_pki_ldap b/design/hs_pki_ldap
new file mode 100644
index 0000000..16e8a3f
--- /dev/null
+++ b/design/hs_pki_ldap
@@ -0,0 +1,40 @@
+ou=Peoples,dc=hackerspace,dc=pl
+ou=Services,dc=hackerspace,dc=pl
+ou=Group,dc=hackerspace,dc=pl
+
+#Root of PKI
+cn=PKI,ou=Services,dc=hackerspace,dc=pl
+
+# Certificate templates (access for server ro, KC rw)
+ou=Templates,ou=Certificate,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+
+# Authoritative Information Extension (CA bundle; all CA certificates are published here,
+# each CA has it's own subtree here)
+cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+cn=CA1,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+cn=CA2,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+...
+
+# PKI KC certs store (rw for servers, ro for KC):
+cn=KC,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+uid=enleth,cn=KC,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+uid=cranix,cn=KC,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+uid=q3k,cn=KC,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+
+# CRL Distribution Points - each CA has its own
+cn=CDP,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+cn=CA1,cn=CA1,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+cn=CA2,cn=CA2,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+...
+
+# Issued certificates
+cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+uid=d3llf,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+
+# End user certificates
+cn=People,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+
+# Application certificates
+cn=App1,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+cn=App2,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
+...
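Review bot: The two CRL distribution point entries, `cn=CA1,cn=CA1,cn=PKI,...` and `cn=CA2,cn=CA2,cn=PKI,...`, do not sit under the `cn=CDP` container declared on the line above them, so a CDP URL or an ACL scoped to `cn=CDP,cn=PKI,ou=Services,dc=hackerspace,dc=pl` would not cover them. They were presumably meant to be `cn=CA1,cn=CDP,cn=PKI,ou=Services,dc=hackerspace,dc=pl` and `cn=CA2,cn=CDP,cn=PKI,ou=Services,dc=hackerspace,dc=pl`, mirroring the AIA layout. The KC store is placed under `cn=AIA` with "rw for servers", so the subtree that publishes CA certificates also holds a server-writable branch. Moving it to a sibling such as `cn=KC,cn=PKI,...` would let the AIA subtree take a single read-only rule, with no exception that could later widen write access to the published CA bundle. The AIA comment should name the extension as "Authority Information Access", and `ou=Peoples` at the top is inconsistent with `cn=People` further down. It would also help to state the default access for `cn=Certificates` and `cn=CDP`, which currently have no access note.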