I have a hopefully quick question...

We store our user public certificates in eDirectory, in an octet string
attribute--the whole cert. We are now looking at doing x509
authentication via NAM, and NAM has some specific requirements for how
to match a verified cert to a user's account, and oddly enough using the
whole cert isn't one of them. The best I've come up with is to store
certain data from the cert, such as the issuer and serial into
sasAllowableSubjectNames--I verified that works. But that means I need
to extract this data from everyone's public cert and store it into that
attribute. It seems to me a null driver of some sort would be a
reasonable way to do all that work for me.

So...my question is, how might I go about parsing an octet string like
this using driver policy? We have the means of doing this outside of
IDM, using scripts and such, but since I could still be considered
fairly new to IDM (just less than a year), I'm eager to try my hand at
doing this via policy. Any direction is appreciated.


adamdn01's Profile: https://forums.netiq.com/member.php?userid=2226
View this thread: https://forums.netiq.com/showthread.php?t=44995