If you are in trouble, get the LDAP Browser/Editor from http://www.iit.edu/~gawojar/ldap/ . It works on both Unix and Windows with Java. Then bind to your LDAP server and try to add an entry using the credentials supplied to OpenCA (RA.conf). If you are successful, then the OpenCA LDAP should work. If not, initialize the LDAP database and check credentials. It's only a suggestion.

Alex

Slim CHTOUROU wrote:
> I installed LDAP rpm redhat package 2.0.21
> This is the slapd.conf:
>
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include /etc/openldap/schema/redhat/autofs.schema
> include /etc/openldap/schema/redhat/kerberosobject.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
> argsfile //var/run/slapd.args
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile /var/lib/ldap/master-slapd.replog
>
> # Load dynamic backend modules:
> # modulepath /usr/sbin/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> #
> # Sample Access Control
> # Allow read access of root DSE
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> #
> defaultaccess read
>     by self write
>     by dn="cn=httpd,o=get,ou=get,c=fr" write
>     by * compare
> #access to dn="" by * read
> #access to *
> #     by self write
> #     by users read
> #     by anonymous auth
> #
> # if no access controls are present, the default is:
> # Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "ou=get,o=get,c=fr"
> #suffix "o=My Organization Name,c=US"
> rootdn "cn=httpd,ou=get,o=get,c=fr"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {crypt}ijFYNcSNctBYg
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber,memberUid pres,eq
> index cn,mail,surname,givenname
>     pres,eq,subinitial
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> # bindmethod=sasl saslmech=GSSAPI
> # [EMAIL PROTECTED]
>
>
> and this is the raserver.conf #ldap section
>
>
> ## LDAP Section:
> ## =============
> ##
> ## As this RA Server Manager has the need to interact with ldap server,
> ## it is important ( for administrative purposes ) you can have
> ## privileged access to directory.
>
> ## LDAP Server Name
> ldapserver localhost
>
> ## LDAP Port Number ( defaults to 389 )
> ldapport 389
>
> ## LDAP Maximum number of records returned by a query
> ldaplimit 100
>
> ## Now the LDAP default base dn
>
> basedn "ou=get,o=get,c=fr"
>
> ## Let's define the privileged Account Allowed to Modify the LDAP entries
> ldaproot "cn=httpd,ou=get,o=get,c=fr"
> ldappwd "secret"
>
> ## Let's define some Directory Env
> ## supposed to find there the bin/, sbin/ directory
> ldapbasedir "/var/lib/ldap"
>
> I can't find what goes wrong!!
>
> Regards
>
>
>
> >Slim CHTOUROU wrote:
> >>
> >> Hi everybody,
> >> I have a problem in adding ca certificate to LDAP
> >> initializing LDAP connection ... Ok.
> >>
> >> Adding Organization Entry ... Error!
> >> 32
> >>
> >> Adding CA Certificate ... Error!
> >> 32
> >>
> >> Disconnecting ... Ok
> >
> >I don't know how you produce this output with OpenCA but errorcode 32
> >means "no such object". Normally the basedn is wrong or a part of the DN
> >except of the full DN does not exist.
> >
> >Michael
> >--
> >-------------------------------------------------------------------
> >Michael Bell                   Email (private): [EMAIL PROTECTED]
> >Rechenzentrum - Datacenter     Email: [EMAIL PROTECTED]
> >Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
> >Unter den Linden 6             Fax: +49 (0)30-2093 2959
> >10099 Berlin
> >Germany                        http://www.openca.org
> >
> >_______________________________________________
> >Openca-Users mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/openca-users
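
A cross-check of the two quoted files, as an added example that is not part of the original thread and not OpenCA or OpenLDAP code: it compares the DNs in raserver.conf against the slapd.conf suffix, rootdn and ACL, and flags a cleartext rootpw. The excerpts are constructed from the quoted configuration, the function names are hypothetical, and the DN comparison is simplified (no escaped commas).

```python
import re

# Constructed excerpts of the slapd.conf and raserver.conf quoted in the message.
SLAPD_CONF = '''defaultaccess read
    by self write
    by dn="cn=httpd,o=get,ou=get,c=fr" write
database ldbm
suffix "ou=get,o=get,c=fr"
rootdn "cn=httpd,ou=get,o=get,c=fr"
rootpw secret
'''
RASERVER_CONF = '''basedn "ou=get,o=get,c=fr"
ldaproot "cn=httpd,ou=get,o=get,c=fr"
ldappwd "secret"
'''

def norm_dn(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(p.strip().lower() for p in dn.strip('"').split(","))

def directives(text):
    """Map the first word of each non-comment line to the rest of that line."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.setdefault(parts[0], parts[1] if len(parts) > 1 else "")
    return out

def under(dn, suffix):
    return dn == suffix or dn.endswith("," + suffix)

def check(slapd_text, ra_text):
    """Return a list of mismatches between the directory and the RA settings."""
    s, r = directives(slapd_text), directives(ra_text)
    suffix, rootdn = norm_dn(s["suffix"]), norm_dn(s["rootdn"])
    findings = []
    if not under(norm_dn(r["basedn"]), suffix):
        findings.append("basedn is outside the slapd suffix")
    if norm_dn(r["ldaproot"]) != rootdn:
        findings.append("ldaproot differs from rootdn")
    for dn in re.findall(r'^\s*by\s+dn="([^"]+)"', slapd_text, re.M):
        if not under(norm_dn(dn), suffix):
            findings.append(f"ACL dn {dn} is outside the suffix")
    pw = s.get("rootpw")
    if pw and not pw.strip('"').startswith("{"):
        findings.append("rootpw is stored in cleartext")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SLAPD_CONF, RASERVER_CONF)))
```

On the quoted files the basedn and ldaproot agree with the suffix and rootdn; what it reports is the ACL DN with `o=` and `ou=` swapped and the cleartext `rootpw`.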