Hi all,
I'm having some troubles configuring my OpenCA (v.0.9.2.1) to support modern LDAP hierarchy (o=***,dc=***,dc=*****). I know where the problem is, but I can't find it. Somebody help me please!! ;)
These are the things that I've changed: in DIR/servers/****.conf (ca, node, ldap, ra, pub) all files look similar.
DN_TYPE_BASIC_BASE "O" "DC" "DC"
DN_TYPE_BASIC_ELEMENTS "UID" "OU"
DN_TYPE_BASIC_NAME "Peticion basica de Usuario"
DN_TYPE_BASIC_BASE_1 "******"
DN_TYPE_BASIC_BASE_2 "***"
DN_TYPE_BASIC_BASE_3 "**"
DN_TYPE_BASIC_ELEMENT_1 "Identificacion de USUARIO"
DN_TYPE_BASIC_ELEMENT_1_MINIMUM_LENGTH 4
DN_TYPE_BASIC_ELEMENT_1_REQUIRED "YES"
DN_TYPE_BASIC_ELEMENT_1_CHARACTERSET "UID"
DN_TYPE_BASIC_ELEMENT_2 "Grupo de peticion de Certificado"
DN_TYPE_BASIC_ELEMENT_2_SELECT "Internet" "Partners" "Empleados" "Trustcenter" "usuarios"
DN_TYPE_BASIC_ELEMENT_2_MINIMUM_LENGTH 1
DN_TYPE_BASIC_ELEMENT_2_REQUIRED "YES"
DN_TYPE_BASIC_ELEMENT_2_CHARACTERSET "LATIN1_LETTERS"
DN_TYPE_BASIC_SUBJECTALTNAMES "email" "IP" "DNS"
DN_TYPE_BASIC_SUBJECTALTNAME_1 "alternative email"
DN_TYPE_BASIC_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_BASIC_SUBJECTALTNAME_1_REQUIRED "NO"
DN_TYPE_BASIC_SUBJECTALTNAME_2 "IP address"
DN_TYPE_BASIC_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_BASIC_SUBJECTALTNAME_2_REQUIRED "NO"
DN_TYPE_BASIC_SUBJECTALTNAME_3 "DNS name"
DN_TYPE_BASIC_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_BASIC_SUBJECTALTNAME_3_REQUIRED "NO"
Or maybe the problem is in the openssl.cnf:
[ new_oids ]
pseudonym=2.5.4.65
userid=0.9.2342.19200300.100.1.1
[ policy_match ]
domainComponent = match
domainComponent = match
organizationName = match
organizationalUnitName = optional
userid = supplied
[ req_distinguished_name ]
userid = Identificacion de usuario (ej, acronimo)
userid_min = 4
userid_max = 4
organizationalUnitName = Nombre de unidad Organizacional (eg, seccion)
organizationalUnitName_default = usuarios
organizationName = Nombre de la Organizacion
organizationName_default = ****
1.domainComponent = Componente de dominio (ej. SGI)
1.domainComponent_default = ***
0.domainComponent = Componente de dominio (ej. ES)
0.domainComponent_default = **
thanks,
