On Wed, 2023-09-27 at 20:34 -0600, Blake Rich wrote:
> Recently our CA updated their S/MIME certificates. We've used them for both email as well as certificate
authenticationwith mapping in postgresql. However our options for certificates ended up
> shifting to an Organization certificate, where the person's name is no longer the CN of the cert, but rather the CN
isthe Organization's name. Is there any way with certificate mapping to use a
> field other than CN to map to a database user? I've searched the archives and online and can't find any details
indicatingany way to do so, but I'm hopeful.
>
> Old certs that worked to filter out the first name as the username had
>
> CN = firstname lastname
> E = firstname.lastname@<org>.<com>
>
> New certs have
>
>
> CN = <org name>
> E = firstname.lastname@<org>.<com>
>
> I can't seem to figure out how to look at the E = field or even if it is possible. Any insight would be greatly
appreciated.
I don't think that's possible, short of modifying PostgreSQL.
Yours,
Laurenz Albe