On Wed, 31 Jul 2002, Massimiliano Pala wrote:

> Date: Wed, 31 Jul 2002 11:19:40 +0200
> From: Massimiliano Pala <[EMAIL PROTECTED]>
> To: OpenCA Users <[EMAIL PROTECTED]>
> Subject: Re: [Openca-Users] OpenCA .0.9 - LDAP
>
> Olaf Dreyer wrote:
> > Hi,
> >
> > I created the following hierarchy, all other entries are inserted by the
> > OpenCA software. And I found it extremely helpful to set DEBUG=1 in
> > ./lib/functions/mail-utils.lib. And have a look into the file
> > ./etc/servers/ldap.conf.
> >
> > I hope this helps
>
> Hi,
>
> well if your base dn for the PKI was "ou=DeLaval CA, o=dreyer, c=DE" you
> could simply set up the LDAP directory for that basedn and in the raserver.conf
> modify the LDAP parameters accordingly. Or you could set the root to "o=dreyer,
> c=DE" and add the CA certificate there (but this is a choice). Can I ask
> you why you have set the OU in the "CA" entry? Are there some arguments, or is
> it just a choice based on the better way to find the CA entry?
>

Well, if I used an existing entry (o=dreyer, c=DE) to add the CA certificates
there, I got an error 65 (OBJECT_CLASS_VIOLATION). To get around this error
(quickly) I created the new OU and edited the ldap.conf file:

LDAP_CA_DN "ou=DeLaval CA,o=DIS, c=DE"

I want to set up OpenCA to work on an existing LDAP server. Unfortunately the
DNs of the user entries look quite different:

dn: [EMAIL PROTECTED], ou=unit1, dc=o-dreyer, dc=de, dc=.
dn: [EMAIL PROTECTED], ou=orgunit, dc=o-dreyer, dc=com, dc=.

Is it possible to support such a scheme, not following the X.500 rules, with
OpenCA/OpenSSL?

Olaf Dreyer

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
