
LDAP technical description


Queries to the directory service must use LDAPv3. Access is unrestricted: an anonymous bind with simple authentication is sufficient. The service does not support SSL/TLS encryption or SSL client authentication, so every query and response crosses the network in the clear and could be altered on the path. The certificates and CRLs returned are signed objects, so a relying application must verify their signatures against the trusted CA certificate rather than trust the LDAP transport.

Directory address: ldap.sk.ee port 389.

Below you will find a detailed description of the directory layout. Knowledge of the layout is necessary for conducting data searches in the directory.

LDAP directory structure

Directory tree (personal certificates)

c=EE
  o=ESTEID
    ou=Authentication
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:
    ou=Digital Signature
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:
  o=ESTEID (DIGI-ID)
    ou=Authentication
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:
    ou=Digital Signature
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:
  o=ESTEID (MOBIIL-ID)
    ou=Authentication
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:
    ou=Digital Signature
      cn=MÄNNIK,MARI-LIIS,47101010033
        cn: MÄNNIK,MARI-LIIS,47101010033
        serialNumber: 47101010033
        userCertificate:

The userCertificate value is the DER-encoded certificate; ldapsearch prints it base64-encoded. The three o= branches separate ID-card, Digi-ID and Mobile-ID certificates of the same person, and each branch has one entry per certificate usage (authentication and digital signature).
 
The o=ESTEID (MOBIIL-ID) subtree holds only national Mobile-ID certificates; private Mobile-ID certificates are not published in the directory.
Searches for personal certificates are restricted to prevent pattern-based harvesting of the directory: a query must contain the exact value of the cn or serialNumber attribute, so wildcard (substring) filters are not answered.
Directory tree (organization certificates)

The organization certificate part of the directory covers the following countries: c=EE, c=SE, c=FI, c=LV, c=LT. Placeholders are shown in angle brackets.

c=EE
  st=<county>
    l=<city>
      o=<organization 1 name>
        cn=<certificate holder name>
          cn: <certificate holder name>
          serialNumber: <organization 1 registry code>
          email: <e-mail address>
      o=<organization 2 name>
        cn=<certificate holder name>
          cn: <certificate holder name>
          serialNumber: <organization 2 registry code>
          email: <e-mail address>
 
Directory tree (certifiers, i.e. the CA entries)

c=EE
  o=AS Sertifitseerimiskeskus
    ou=Sertifitseerimisteenused
      cn=EID-SK 2007
      cn=EID-SK 2011
      cn=KLASS3-SK
      cn=KLASS3-SK 2010
    ou=ESTEID
      cn=ESTEID-SK
      cn=ESTEID-SK 2007
      cn=ESTEID-SK 2011

Each certifier entry carries the attributes cn, userCertificate (the CA certificate) and certificateRevocationList (the CRL issued by that CA).

LDAP query examples

Example queries from the Linux or macOS command line to search for a personal certificate. Current OpenLDAP tools take the server as a URL with -H; older builds use -h ldap.sk.ee instead. The filter value must be the exact cn or serialNumber, with the name typed in UTF-8 exactly as stored:

ldapsearch -x -H ldap://ldap.sk.ee -b c=EE "(serialNumber=47101010033)"
ldapsearch -x -H ldap://ldap.sk.ee -b c=EE "(cn=MÄNNIK,MARI-LIIS,47101010033)"

Example query from the Linux or macOS command line to fetch a certifier's revocation list. The -t option writes the binary certificateRevocationList value to a temporary file (the output then shows attr:< file:///... instead of the base64 value):

ldapsearch -x -H ldap://ldap.sk.ee -t -b c=EE "(cn=ESTEID-SK 2007)" certificateRevocationList
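The ldapsearch commands above print LDIF, and a program that consumes the directory has to decode it before it can do anything with the certificate or CRL. The following is an added example, not code from SK or this page: a small LDIF reader for ldapsearch output that unfolds continuation lines, decodes the base64 (`::`) values the directory returns for userCertificate, certificateRevocationList and any non-ASCII dn/cn, refuses the file-reference form produced by -t, and checks that each blob is one complete DER SEQUENCE before handing it on. SAMPLE_LDIF is constructed here in the shape ldapsearch produces, and FAKE_DER is a placeholder SEQUENCE rather than a real certificate.

```python
"""Read the LDIF that ldapsearch prints for the ldap.sk.ee queries above.

Added example, not SK's code. ldapsearch output is LDIF: "attr: value" for plain text,
"attr:: <base64>" for binary or non-ASCII values (userCertificate,
certificateRevocationList, and any dn or cn containing Ä, Õ, ...), lines folded at 76
columns with a leading space on continuation lines, "#" comment lines and a blank line
between entries. SAMPLE_LDIF is constructed in that shape; FAKE_DER is a placeholder
DER SEQUENCE, not a real certificate.
"""
import base64
import hashlib
import ssl

# Constructed sample: stands in for the DER certificate/CRL bytes the directory returns.
FAKE_DER = b"\x30\x81\xc8" + b"\x00" * 200      # SEQUENCE, long-form length 200
_DN = "cn=MÄNNIK\\,MARI-LIIS\\,47101010033,ou=Authentication,o=ESTEID,c=EE"


def _fold(line):
    """LDIF line folding as ldapsearch emits it: 76 columns, continuation lines start with a space."""
    return "\n".join([line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)])


def _b64(data):
    return base64.b64encode(data if isinstance(data, bytes) else data.encode("utf-8")).decode()


SAMPLE_LDIF = "\n".join([
    "# extended LDIF", "#", "# LDAPv3", "# base <c=EE> with scope subtree",
    "# filter: (serialNumber=47101010033)", "# requesting: ALL", "#", "",
    _fold("dn:: " + _b64(_DN)),
    _fold("cn:: " + _b64("MÄNNIK,MARI-LIIS,47101010033")),
    "serialNumber: 47101010033",
    _fold("userCertificate;binary:: " + _b64(FAKE_DER)),
    "",
    "# search result", "search: 2", "result: 0 Success", "",
    "# numResponses: 2", "# numEntries: 1",
])


def parse_ldif(text):
    """Entries as {attribute: [raw values]}; the dn is stored under "dn".

    Attribute options are dropped, so userCertificate;binary and userCertificate share a
    key. An "attr:< file:///..." line (what ldapsearch -t writes) is reported rather than
    silently read from disk.
    """
    lines = []
    for line in text.splitlines():               # unfold continuation lines first
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    entries, current = [], {}
    for line in lines + [""]:
        if line == "":
            if "dn" in current:                  # the "search:/result:" trailer has no dn
                entries.append(current)
            current = {}
            continue
        if line.startswith(("#", "version:")):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith("<"):
            raise ValueError(f"{attr}: value is a file reference, read that file instead")
        if value.startswith(":"):
            raw = base64.b64decode(value[1:].strip(), validate=True)
        else:
            raw = value.strip().encode("utf-8")
        current.setdefault(attr.split(";", 1)[0], []).append(raw)
    return entries


def der_outer_length_ok(der):
    """True if der is exactly one DER SEQUENCE (tag 0x30) whose length field matches the
    bytes received; a truncated or padded value from the plaintext LDAP channel fails here."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:
        length, header = first, 2
    else:
        n = first & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)


def der_values(ldif_text, attr="userCertificate"):
    """[(dn, der_bytes, sha256 hex)] for attr, which may be userCertificate or
    certificateRevocationList; both are outer DER SEQUENCEs."""
    out = []
    for e in parse_ldif(ldif_text):
        for der in e.get(attr, []):
            if not der_outer_length_ok(der):
                raise ValueError(f"{attr}: not a complete DER SEQUENCE")
            out.append((e["dn"][0].decode("utf-8"), der, hashlib.sha256(der).hexdigest()))
    return out


def der_to_pem(der):
    """PEM wrapper for openssl or an X.509 library. ldap.sk.ee offers no TLS, so the
    certificate's (or CRL's) own signature must be verified against the trusted CA
    before use; that needs an X.509 library and is deliberately not done here."""
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    for dn, der, fp in der_values(SAMPLE_LDIF):
        print(dn, len(der), "bytes, sha256", fp)
        print(der_to_pem(der))
```

To use it on real output, pipe `ldapsearch -x -H ldap://ldap.sk.ee -b c=EE "(serialNumber=...)"` into parse_ldif; for the CRL query, call der_values(text, "certificateRevocationList"). The SHA-256 fingerprint is there so two lookups over the unprotected channel can be compared, not as a substitute for signature verification.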

On Windows the same lookups can be issued as LDAP URLs (RFC 4516 form ldap://host:port/base?attributes?scope?filter, where an empty attribute list returns all attributes), for instance by typing them into the address bar of Internet Explorer:

Search by personal identification code

ldap://ldap.sk.ee:389/c=EE??sub?(serialNumber=36603150241)

Search by first name and surname and personal identification code

ldap://ldap.sk.ee:389/c=EE??sub?(cn=Tamm,Enn,36603150241)

For older browser versions, try the variant with the commas in the cn value backslash-escaped:

ldap://ldap.sk.ee:389/c=EE??sub?(cn=Tamm\,Enn\,36603150241)
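Two details in the examples above trip up code that builds these lookups from user input: the directory only answers exact cn or serialNumber values, and the commas inside a cn are ordinary characters in a search filter but must be escaped when the same cn is used as an RDN in a DN (which is what the escaped-comma browser form hints at). The following is an added example, not SK's code: it validates the lookup value so that wildcard or filter syntax cannot be smuggled in, applies RFC 4515 escaping to filter values and RFC 4514 escaping to DN values, and emits the matching ldapsearch command line and RFC 4516 URL. The host, port and base DN are the ones on this page; the assumed shape of a personal cn (surname, given names, 11-digit code) is this example's own.

```python
"""Exact-match lookups against the ldap.sk.ee directory described on this page.

Added example (not SK's own code). It shows the two escaping rules a lookup has to
respect and why they differ:
  * RFC 4515 (search filters): only  *  (  )  \\  and NUL are special, so the commas in
    cn=MÄNNIK,MARI-LIIS,47101010033 are left alone inside a filter.
  * RFC 4514 (distinguished names): , + " \\ < > ; and leading/trailing spaces are special,
    so the same cn used as an RDN is written cn=MÄNNIK\\,MARI-LIIS\\,47101010033.
The directory only answers exact cn / serialNumber searches, so caller-supplied values are
validated against the expected shape (assumption: surname,given names,11-digit code) and
anything containing wildcard or filter syntax is rejected rather than passed through.
"""
import re
import shlex
from urllib.parse import quote

HOST, PORT, BASE_DN = "ldap.sk.ee", 389, "c=EE"

# Estonian personal identification code: 11 digits, first digit 1-8 (century and sex).
_PERSONAL_CODE = re.compile(r"[1-8]\d{10}")
# cn in the personal subtrees: SURNAME,GIVEN-NAMES,personal code. Name parts may contain
# anything except comma, NUL and the RFC 4515 specials (assumption made for this example).
_PERSONAL_CN = re.compile(r"[^,*()\\\x00]+,[^,*()\\\x00]+,[1-8]\d{10}")


def escape_filter_value(value):
    """RFC 4515: every special character becomes \\XX per UTF-8 byte."""
    return "".join(
        "".join(f"\\{b:02x}" for b in ch.encode("utf-8")) if ch in "*()\\\x00" else ch
        for ch in value
    )


def escape_dn_value(value):
    """RFC 4514 escaping for one attribute value used inside an RDN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def exact_filter(attribute, value):
    """Equality filter for the only two lookups the directory accepts.

    Raises ValueError for anything that is not an exact personal code or cn, so a caller
    can neither turn the lookup into a pattern search nor inject extra filter terms.
    """
    shape = {"serialNumber": _PERSONAL_CODE, "cn": _PERSONAL_CN}.get(attribute)
    if shape is None:
        raise ValueError("directory supports exact cn or serialNumber lookups only")
    if not shape.fullmatch(value):
        raise ValueError(f"{attribute}={value!r} is not an exact lookup value")
    return f"({attribute}={escape_filter_value(value)})"


def entry_dn(cn, usage, organization="ESTEID"):
    """DN of a personal certificate entry, e.g. for a base-scope read.

    usage is "Authentication" or "Digital Signature"; organization is "ESTEID",
    "ESTEID (DIGI-ID)" or "ESTEID (MOBIIL-ID)" as in the tree above.
    """
    rdns = [("cn", cn), ("ou", usage), ("o", organization)]
    return ",".join(f"{a}={escape_dn_value(v)}" for a, v in rdns) + "," + BASE_DN


def ldap_url(filter_, attrs=(), scope="sub"):
    """RFC 4516 URL ldap://host:port/base?attrs?scope?filter, the form typed into a browser.

    Non-ASCII and '?' are percent-encoded as the RFC requires; ( ) = , * stay readable.
    An empty attrs list means "return all attributes".
    """
    return (f"ldap://{HOST}:{PORT}/{quote(BASE_DN, safe='=,')}"
            f"?{','.join(attrs)}?{scope}?{quote(filter_, safe='()=,*')}")


def ldapsearch_command(filter_, attrs=(), binary_to_files=False):
    """Equivalent ldapsearch invocation, quoted so the filter survives the shell intact."""
    argv = ["ldapsearch", "-x", "-H", f"ldap://{HOST}:{PORT}", "-b", BASE_DN]
    if binary_to_files:
        argv.append("-t")  # dump userCertificate / certificateRevocationList blobs to files
    return shlex.join(argv + [filter_, *attrs])


if __name__ == "__main__":
    print(ldapsearch_command(exact_filter("cn", "MÄNNIK,MARI-LIIS,47101010033")))
    print(ldap_url(exact_filter("serialNumber", "36603150241")))
    print(entry_dn("MÄNNIK,MARI-LIIS,47101010033", "Digital Signature", "ESTEID (DIGI-ID)"))
```

The validation in exact_filter is the primary control; the RFC 4515 escaping behind it is defence in depth for any other attribute a caller might add later. Note that the backslash-escaped commas in the "older browser" URL are a browser quirk, not RFC 4516: in a filter the comma needs no escaping, which is why ldap_url leaves it alone.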