I was also trying to modify the way OpenCA publishes to the LDAP directory.
But I soon realized that the o=***,c=** style is deeply buried in many
different places in the OpenCA config files, so you should use that structure
or carefully find them all before you can rule them all :)
Néstor Ayllón Martín wrote:
Hi all,
I'm having some trouble configuring my OpenCA (v.0.9.2.1) to support a
modern LDAP hierarchy (o=***,dc=***,dc=*****). I know where the
problem is, but I can't find it. Somebody help me please!! ;)
These are the things that I've changed: in DIR/servers/****.conf (ca,
node, ldap, ra, pub); all the files look similar.
DN_TYPE_BASIC_BASE "O" "DC" "DC"
DN_TYPE_BASIC_ELEMENTS "UID" "OU"
DN_TYPE_BASIC_NAME "Peticion basica de Usuario"
DN_TYPE_BASIC_BASE_1 "******"
DN_TYPE_BASIC_BASE_2 "***"
DN_TYPE_BASIC_BASE_3 "**"
DN_TYPE_BASIC_ELEMENT_1 "Identificacion de USUARIO"
DN_TYPE_BASIC_ELEMENT_1_MINIMUM_LENGTH 4
DN_TYPE_BASIC_ELEMENT_1_REQUIRED "YES"
DN_TYPE_BASIC_ELEMENT_1_CHARACTERSET "UID"
DN_TYPE_BASIC_ELEMENT_2 "Grupo de peticion de Certificado"
DN_TYPE_BASIC_ELEMENT_2_SELECT "Internet" "Partners" "Empleados" "Trustcenter" "usuarios"
DN_TYPE_BASIC_ELEMENT_2_MINIMUM_LENGTH 1
DN_TYPE_BASIC_ELEMENT_2_REQUIRED "YES"
DN_TYPE_BASIC_ELEMENT_2_CHARACTERSET "LATIN1_LETTERS"
DN_TYPE_BASIC_SUBJECTALTNAMES "email" "IP" "DNS"
DN_TYPE_BASIC_SUBJECTALTNAME_1 "alternative email"
DN_TYPE_BASIC_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_BASIC_SUBJECTALTNAME_1_REQUIRED "NO"
DN_TYPE_BASIC_SUBJECTALTNAME_2 "IP address"
DN_TYPE_BASIC_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_BASIC_SUBJECTALTNAME_2_REQUIRED "NO"
DN_TYPE_BASIC_SUBJECTALTNAME_3 "DNS name"
DN_TYPE_BASIC_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_BASIC_SUBJECTALTNAME_3_REQUIRED "NO"
Or maybe the problem is in the openssl.cnf:
[ new_oids ]
pseudonym=2.5.4.65
userid=0.9.2342.19200300.100.1.1
[ policy_match ]
domainComponent = match
domainComponent = match
organizationName = match
organizationalUnitName = optional
userid = supplied
[ req_distinguished_name ]
userid = Identificacion de usuario (ej, acronimo)
userid_min = 4
userid_max = 4
organizationalUnitName = Nombre de unidad Organizacional (eg, seccion)
organizationalUnitName_default = usuarios
organizationName = Nombre de la Organizacion
organizationName_default = ****
1.domainComponent = Componente de dominio (ej. SGI)
1.domainComponent_default = ***
0.domainComponent = Componente de dominio (ej. ES)
0.domainComponent_default = **
thanks,
_______________________________________________
OpenCA-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-devel