Hello,
I am now using the Jun 4th SNAP of OpenCA.
I have a standard setup of openldap and openca. I am still having problems publishing CA Certs and CRLs to LDAP.
I configured ldap.conf to have:
LDAP_CRL_Issuer "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
LDAP_CA_DN "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
CA-Cert addition says: Certificate 0 FAILED
CRL addition says: Cannot write CRL to LDAP
I have my slapd.conf and the debug information attached below.
Can you please tell me if there is anything else I need to do? I am probably missing something.
Thanks
Pramila
--------------------slapd.conf --------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
# ldbm database definitions
database ldbm
suffix "o=ComtOCA,c=AE"
rootdn "cn=LDAP Manager,o=ComtOCA,c=AE"
rootpw xyzabc
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq
----------------------------------------------------------------------------------
-------------------- debug info for adding valid ca-certs -----------------------
Checking for a special DN where to store CA-certificates ...
Special DN is
"[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
Adding valid CA-certificates to the LDAP server ...Information of the Object:
....
....
Try to add cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE ...
LDAP Schema DN: cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE
node exists
Try to add
[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
...
LDAP Schema DN:
[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
node doesn't exist
Certificate 0 FAILED
-------------------- debug info for adding CRL --------------------------------
Loading CRL ...ldap-utils.lib: LDAP_get_crl: try to determine the newest CRL
loaded CRL 7985e4847b7683677f843095fc0c5a8a
Checking the configuration for a special issuer ...
Special issuer is
"[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
Pushing CRL 7985e4847b7683677f843095fc0c5a8a to LDAP ...addLDAPattribute : DN=
[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
attr: certificateRevocationList;binary
LDAP Searchfilter : (certificateRevocationList;binary=*)
LDAP Search Mesg-Code 32
LDAP Search Mesg-Count 0
Search for the attribute failed.
Cannot write CRL to LDAP
Last Update: Jun 12 05:58:56 2002 GMT
Next Update: Jul 12 05:58:56 2002 GMT
Pramila Rani
Project Manager
Comtrust
Tel : +971 2 6349222
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users