If you are in trouble, get the Ldap Browser/editor from
http://www.iit.edu/~gawojar/ldap/ . It functions to both unix&windows with
java. Then bind to your LDAP server and try to add a entry using the
credentials supplied to openca (RA.conf) . If you are successful, then the
OpenCA Ldap should work.
If not, initialize the LDAP database and check credentials.
It's a sugesstion only.
Alex

Slim CHTOUROU wrote:

> I installed LDAP rpm redhat package 2.0.21
> this the slapd.conf
>
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
> include         /etc/openldap/schema/redhat/autofs.schema
> include         /etc/openldap/schema/redhat/kerberosobject.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
> argsfile        //var/run/slapd.args
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile     /var/lib/ldap/master-slapd.replog
>
> # Load dynamic backend modules:
> # modulepath    /usr/sbin/openldap
> # moduleload    back_ldap.la
> # moduleload    back_ldbm.la
> # moduleload    back_passwd.la
> # moduleload    back_shell.la
>
> #
> # The next two lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> #
> # Sample Access Control
> #       Allow read access of root DSE
> #       Allow self write access
> #       Allow authenticated users read access
> #       Allow anonymous users to authenticate
> #
> defaultaccess read
> by self write
> by dn="cn=httpd,o=get,ou=get,c=fr" write
> by * compare
> #access to dn="" by * read
> #access to *
> #       by self write
> #       by users read
> #       by anonymous auth
> #
> # if no access controls are present, the default is:
> #       Allow read by all
> #
> # rootdn can always write!
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database        ldbm
> suffix          "ou=get,o=get,c=fr"
> #suffix         "o=My Organization Name,c=US"
> rootdn          "cn=httpd,ou=get,o=get,c=fr"
> #rootdn         "cn=Manager,o=My Organization Name,c=US"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw          secret
> # rootpw                {crypt}ijFYNcSNctBYg
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory       /var/lib/ldap
> # Indices to maintain
> index   objectClass,uid,uidNumber,gidNumber,memberUid   pres,eq
> index   cn,mail,surname,givenname
> pres,eq,subinitial
> # Replicas to which we should propagate changes
> #replica host=ldap-1.example.com:389 tls=yes
> #       bindmethod=sasl saslmech=GSSAPI
> #       [EMAIL PROTECTED]
>
>
> and this the raserver.conf #ldap section
>
>
> ## LDAP Section:
> ## =============
> ##
> ## As this RA Server Manager has the need to interact with ldap server,
> ## it is important ( for administrative porpouses ) you can have
> ## privileged access to directory.
>
> ## LDAP Server Name
> ldapserver localhost
>
> ## LDAP Port Number ( defaults to 389 )
> ldapport 389
>
> ## LDAP Maximum number of records returned by a query
> ldaplimit 100
>
> ## Now the LDAP default base dn
>
> basedn "ou=get,o=get,c=fr"
>
> ## Let's define the privileged Account Allowed to Modify the LDAP entries
> ldaproot "cn=httpd,ou=get,o=get,c=fr"
> ldappwd  "secret"
>
> ## Let's define some Directory Env
> ## supposed to find there the bin/, sbin/ directory
> ldapbasedir "/var/lib/ldap"
>
> I don't find what go wrong !!
>
> regards
>
>
>
> >Slim CHTOUROU schrieb:
> >>
> >> hy everyboby
> >> I have a problem in adding ca certificate to LDAP
> >> initializing LDAP connection ... Ok.
> >>
> >>               Adding Organization Entry ... Error!
> >>               32
> >>
> >>               Adding CA Certificate ... Error!
> >>               32
> >>
> >>               Disconnecting ... Ok
> >
> >I don't know how you produce this outut with OpenCA but errorcode 32
> >means "no such object". Normally the basedn is wrong or a part of the DN
> >except of the full DN does not exist.
> >
> >Michael
> >--
> >-------------------------------------------------------------------
> >Michael Bell                   Email (private): [EMAIL PROTECTED]
> >Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
> >Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
> >Unter den Linden 6             Fax:  +49 (0)30-2093 2959
> >10099 Berlin
> >Germany                                       http://www.openca.org
> >
> >_______________________________________________
> >Openca-Users mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/openca-users
> >
>
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users


_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to