Hi, try to issue the CA certificate without an email (do not fill in the email part) and turn schema checking off (use "schemacheck off" in slapd.conf) - that is working for me.

martin lizner
www.anect.com
czech rep.

-----Original Message-----
From: Pramila Rani [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 9:37 AM
To: [EMAIL PROTECTED]
Cc: Openca-Users (E-mail)
Subject: [Openca-Users] LDAP and CA-certs

Hello,

I am now using Jun 4th SNAP of OpenCA. I have standard setup of openldap and openca. I am still having problems publishing CA Certs and CRLs to LDAP.

I configured ldap.conf to have :

LDAP_CRL_Issuer "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
LDAP_CA_DN "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"

CA-Cert addition says : Certificate 0 FAILED
CRL addition says : Cannot write CRL to LDAP

I have my slapd.conf and the debug information attached below. Can you please tell me if there is anything else I need to do? I am probably missing something.

Thanks
Pramila

--------------------slapd.conf --------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

# ldbm database definitions
database ldbm
suffix "o=ComtOCA,c=AE"
rootdn "cn=LDAP Manager,o=ComtOCA,c=AE"
rootpw xyzabc
directory /usr/local/var/openldap-ldbm

# Indices to maintain
index objectClass eq
----------------------------------------------------------------------------------

-------------------- debug info for adding valid ca-certs -----------------------
Checking for a special DN where to store CA-certificates ...
Special DN is "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
Adding valid CA-certificates to the LDAP server ...
Information of the Object:
....
....
Try to add cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE ...
LDAP Schema DN: cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE
node exists
Try to add [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE ...
LDAP Schema DN: [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
node doesn't exist
Certificate 0 FAILED

-------------------- debug info for adding CRL --------------------------------
Loading CRL ...
ldap-utils.lib: LDAP_get_crl: try to determine the newest CRL
loaded CRL 7985e4847b7683677f843095fc0c5a8a
Checking the configuration for a special issuer ...
Special issuer is "[EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE"
Pushing CRL 7985e4847b7683677f843095fc0c5a8a to LDAP ...
addLDAPattribute : DN= [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
attr: certificateRevocationList;binary
LDAP Searchfilter : (certificateRevocationList;binary=*)
LDAP Search Mesg-Code 32
LDAP Search Mesg-Count 0
Search for the attribute failed.
Cannot write CRL to LDAP
Last Update: Jun 12 05:58:56 2002 GMT
Next Update: Jul 12 05:58:56 2002 GMT

Pramila Rani
Project Manager
Comtrust
Tel : +971 2 6349222

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
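
The debug output quoted in the thread, run through a small triage script. This is an added example, not part of either message and not OpenCA code; the sample lines are reconstructed from the quoted output and the function names are hypothetical. It ties the CRL failure to the earlier add: result code 32 is noSuchObject in RFC 4511, and the DN being searched is the one reported as "node doesn't exist".

```python
import re

# LDAP result codes (RFC 4511) that typically show up when an add or search fails.
LDAP_RESULT = {0: "success", 17: "undefinedAttributeType", 32: "noSuchObject",
               34: "invalidDNSyntax", 65: "objectClassViolation"}

# Constructed sample: debug lines quoted in the thread, one event per line.
# "[EMAIL PROTECTED]" is the list archive's redaction and is kept as-is.
SAMPLE = """\
Try to add cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE ...
LDAP Schema DN: cn=openca.comt.co.ae,ou=OCA,o=ComtOCA, c=AE
node exists
Try to add [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE ...
LDAP Schema DN: [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
node doesn't exist
Certificate 0 FAILED
addLDAPattribute : DN= [EMAIL PROTECTED],cn=openca.comt.co.ae,ou=OCA,o=ComtOCA,c=AE
LDAP Search Mesg-Code 32
LDAP Search Mesg-Count 0
Cannot write CRL to LDAP
"""

def norm_dn(dn):
    # Naive normalisation (no escaped commas): trim spaces around RDNs, lowercase.
    return ",".join(p.strip().lower() for p in dn.split(","))

def triage(log):
    """Return ({dn: exists}, [(dn, code, name, cause)]) from OpenCA LDAP debug output."""
    nodes, findings = {}, []
    current = target = None
    for line in log.splitlines():
        line = line.strip()
        if m := re.match(r"LDAP Schema DN:\s*(.+)", line):
            current = norm_dn(m.group(1))            # entry the publisher is checking
        elif line in ("node exists", "node doesn't exist") and current:
            nodes[current] = (line == "node exists")
        elif m := re.match(r"addLDAPattribute\s*:\s*DN=\s*(.+)", line):
            target = norm_dn(m.group(1))             # entry the CRL is written to
        elif m := re.match(r"LDAP Search Mesg-Code (\d+)", line):
            code = int(m.group(1))
            # A search that fails on an entry already reported missing has one root cause.
            cause = ("entry was never created" if nodes.get(target) is False
                     else "undetermined")
            findings.append((target, code, LDAP_RESULT.get(code, "unknown"), cause))
    return nodes, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE)[1]:
        print(finding)
```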
