From ab90e078ffb1fd8c27d06b0f32c5b4ba9a16861f Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Tue, 23 Jul 2024 20:49:09 -0400
Subject: support domain lookup from oid
---
read-cert-template.conf.example | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 read-cert-template.conf.example
(limited to 'read-cert-template.conf.example')
diff --git a/read-cert-template.conf.example b/read-cert-template.conf.example
new file mode 100644
index 0000000..0a875f3
--- /dev/null
+++ b/read-cert-template.conf.example
@@ -0,0 +1,18 @@
+# File: ~/.config/read-cert-template.conf
+# If you know the whole oid, chop off the M$ part, and the first number (awk $10) is this identifier. Technically it is not enough to identify the exact PKI instance, but it is good enough for this!
+# You can just use RCT_ALIAS= if you do not want to define per-domain settings.
+RCT_ALIAS_1234567=""
+RCT_LDAPSERVER_1234567=ldaps://locale1.example.corp
+# the "CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration," will be added to this:
+RCT_LDAPBASE_1234567="DC=example,DC=corp"
+# because i struggled with escaped spaces around this stuff
+RCT_LDAPAUTH1_1234567="-x -w $( printf '%s' 'base64dPwHere' | base64 -d )"
+RCT_LDAPAUTH2_1234567="-D CN=Service Account 23498,OU=Accounts,DC=locale2,DC=example,DC=corp"
+
+RCT_ALIAS_4928234="DEV"
+RCT_LDAPSERVER_4928234=ldaps://locale2.example.corp
+# the "CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration," will be added to this:
+RCT_LDAPBASE_4928234="DC=locale2,DC=example,DC=corp"
+# because i struggled with escaped spaces around this stuff
+RCT_LDAPAUTH1_4928234="-x -w $( printf '%s' 'SecurityHatesMe' | base64 -d )"
+RCT_LDAPAUTH2_4928234="-D CN=Service Account 5822,OU=Accounts,DC=locale2,DC=example,DC=corp"
-- cgit
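Review bot: The `RCT_LDAPAUTH1_*` examples keep the bind password as base64 inside the config and expand it into a `-w` argument, which is encoding rather than protection. Anyone who can read `~/.config/read-cert-template.conf` recovers the password, and if these options reach an OpenLDAP client as written, the decoded value sits in the process argument list while the query runs. The example should say so near the AUTH1 lines, e.g. `# base64 is not encryption: chmod 600 this file and bind with a read-only service account`, and where the client supports it prefer `-y /path/to/passwordfile` (placeholder path) over `-w`. Because the values use `$( ... )`, the file appears to be sourced as shell, so write access to it amounts to running commands as the user; the header comment should mention that. Separately, `RCT_LDAPAUTH2_1234567` binds with a `DC=locale2` DN while that entry's server and base are `locale1` and `DC=example,DC=corp`, which looks like a copy-paste slip in the example.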