Hi,

> Is there a somewhat straightforward way to get the user's Name and Email from
> their LDAP login to use in a workflow? In our setup all users must use their
> AD login to sign in, so that information should always be available.

Short answer: Yes, of course this is possible. However, there are a lot of different ways to do this.

In the most trivial case where the user logs in via his or her user ID with an AD/LDAP bind it is possible to gather user information from LDAP and store it as workflow context values in the request workflow. But you may also want to attach this information to the CSR and the certificate which is ultimately created, so you could search for the "owner" email address later on the certificate data, not only on the workflows.

Next, you might also want to consider having a support address attached to a certificate indicating the support group responsible for a particular certificate. Notification should probably go to the support group, not to the individual requester (who may have changed affiliation some time down the road before the expiration notice is sent).

OpenXPKI is very flexible and configurable with regard to managing this metadata, but with the flexibility there also comes the need to properly define and implement the requirements. How you implement this depends on the local PKI design and how metadata of certificates and requests is managed.

Could you provide more information on what you want to achieve? Do you only want to store the information in the workflow or would you like to have this information available on the generated certificates?

Cheers

Martin
