RFC 2649

• An LDAP Control and Schema for Holding Operation Signatures, B. Greenblatt, P. Richard. August 1999 (EXP)

  • Client send modification of an entry on a secure connection (e.g. TLS) and signs this modification with S/MIME certificate, or lets it be signed by the server
  • a complete journal of modifications is stored
  • Defines:
    • Control SignedOperation
    • Control Demandsignedresult
    • Control SignedResult
    • Objectclass signedAuditTrail with Attribute Changes
    • Objectclass zombiObject with Attribute Changes and originalObject
    • RootDSE Attribute signedDirectoryOperationSupport

Previous slide

Next slide

Back to first slide

View graphic version