I would really appreciate your patience... to read my problem given below.
============================MY SETUP===================
First I had configured OpenLDAP version 2.x with qmail on my machine. I have successfully created users and sent & received mails. The paths for the two are:
The base dn was as per structure.ldif file
openldap /etc/openldap/ldap.conf
openldap /etc/openldap/slapd.conf
openldap /etc/openldap/schema/core.schema
qmail /var/qmail/qmail-1.03
Then I downloaded the openca-0.9-RC2.tar.gz and installed the same in
/usr/local/
My configuration options are as per "setup" file
Before executing the ./setup file I made changes in the following -
/usr/local/openca-0.9.0/contrib/openca/openca.ldif
/usr/local/openca-0.9.0/contrib/openca/slapd.conf
I changed the core.schema file provided by default at
/usr/local/openca-0.9.0/src/modules/perl-ldap-0.25/data/core.schema to the one
used by me, by copying my file to the same location
/usr/local/openca-0.9.0/src/modules/perl-ldap-0.25/data/
(By the way, what is the relevance of the other files in this folder? How do I
make OpenCA use my ldif and schema files located at /etc/openldap/? What are the
cert.pem and key.pem files for?)
openca.ldif was replaced by structure.ldif,
and I made sure that slapd.conf was as per my LDAP server settings.
Then after this I executed the ./setup file to configure OpenCA.
Then I installed all five components on the same machine:
make install-ca
make install-ra
make install-pub
make install-online
make install-ldap
I have configured my Apache for three virtual hosts.
The following services are running on my server:
tcpserver
qmail-send
slapd
httpd
==========================MY QUERY========================
WHY AM I NOT ABLE TO ADD DATA TO LDAP?
IN THE LDAP INTERFACE, WHEN I CLICK ON A LINK (CA-CERTIFICATES / CERTIFICATES /
CRL) UNDER UPDATE LDAP:
-----------------------------------------------
Exporting valid ca-certificates to LDAP ...
(Please wait until operation completes)
Checking for a special DN where to store CA-certificates ...
Special DN is "cn=Manager, ou=members, o=centralbank.co.in"
Adding valid CA-certificates to the LDAP server ...
Certificate 0 OK
---------------------------------------------
Updating certificates on the LDAP server
(Please wait until operation completes)
Exporting valid certificates to LDAP ...
Certificate 1 FAILED
Certificate 2 FAILED
Removing revoked certificates from LDAP ...
-------------------------------------------
Updating the CRL on the LDAP ...
(Please wait until operation completes)
Loading CRL ...
loaded CRL df6de201e2fe7d9303fa189dee897681
Checking the configuration for a special issuer ...
No special issuer was specified!
Pushing CRL df6de201e2fe7d9303fa189dee897681 to LDAP ...
Cannot write CRL to LDAP
Last Update: Aug 12 10:17:34 2002 GMT
Next Update: Sep 11 10:17:34 2002 GMT
-------------------------------------------------------------
Even if I try to add a certificate by clicking on the "ADD TO LDAP" button
provided under "VIEW CA-CERTIFICATES" or "VIEW CERTIFICATES", I get the same
errors:
Exporting certificate to LDAP ...
(Please wait until operation completes)
---------------------
Certificate 0 FAILED
Exporting certificate to LDAP ...
(Please wait until operation completes)
--------------------
Certificate 1 FAILED
I would really appreciate your guidance and help.
Regards
Sonu
========================my config files=====================
structure.ldif file
------------------
dn: ou=members, o=sonu.co.in
objectClass: top
objectClass: Organization
o: sonu.co.in
description: sonu.co.in ldap server
==============================
slapd.conf file
-------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
#include /etc/openldap/schema/cosine.schema
#include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args
# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#
TLSCertificateFile /usr/local/openca-0.9.0/src/modules/perl-ldap-0.25/data/cert.pem
TLSCertificateKeyFile /usr/local/openca-0.9.0/src/modules/perl-ldap-0.25/data/key.pem
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "ou=members,o=sonu.co.in"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,ou=members,o=sonu.co.in"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
#directory /var/lib/ldap
directory /usr/local/ldap
# Indices to maintain
#index objectClass,uid,uidNumber,gidNumber,memberUid eq
#index cn,mail,surname,givenname eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# [EMAIL PROTECTED]
===========================================================================
ldap.conf file
------------------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE ou=members, o=sonu.co.in
HOST 172.16.16.16:389
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
SIZELIMIT 0
TIMELIMIT 0
#DEREF never
=======================================================================
setup file
---------------
#! /bin/sh
./configure \
--with-httpd-user=httpd \
--with-httpd-group=websrc \
--with-openca-user=httpd \
--with-openca-group=websrc \
--with-exec-prefix=/home/httpd \
--with-openssl-prefix=/usr/local/ssl \
--with-scep-openssl-prefix=/usr/local/ssl \
--with-web-host=172.16.16.16 \
--with-ca-organization="sonu.co.in" \
--with-ca-locality="mumbai" \
--with-ca-country="IN" \
--with-ldap-url=172.16.16.16 \
--with-ldap-port=389 \
--with-ldap-root="cn=Manager,ou=members,o=sonu.co.in" \
--with-ldap-root-pwd="secret" \
--enable-db \
--disable-dbi \
--prefix=/home/httpd \
--with-service-mail-account="[EMAIL PROTECTED]"
====================END==================
Attachments: core.schema, sonu.doc
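A quick consistency check for an LDIF file before it is loaded with slapadd or ldapadd, as an added example; it is not part of the original post, of OpenCA, or of OpenLDAP. It takes the suffix from the posted slapd.conf ("ou=members,o=sonu.co.in"), embeds the posted structure.ldif as one sample input, and a constructed corrected version as a second one. For each entry it checks that the DN lies under the suffix, that the RDN attribute and value actually appear in the entry (slapd rejects an add that violates this with namingViolation, result code 64), and that the parent entry is defined earlier in the file. Run on the posted structure.ldif it reports that the RDN "ou=members" has no matching "ou" attribute (the entry only carries "o: sonu.co.in" and objectClass organization); the corrected sample uses organizationalUnit with "ou: members". The cn=Manager entry in the corrected sample is an assumption for illustration only, not something the post says OpenCA requires.

```python
"""Minimal LDIF sanity checker (added example, not from the original post)."""
from typing import Dict, List, Tuple

Attrs = Dict[str, List[str]]

# Suffix exactly as in the posted slapd.conf.
SUFFIX = "ou=members,o=sonu.co.in"

# Sample input 1: the structure.ldif as posted (verbatim).
POSTED_STRUCTURE_LDIF = """\
dn: ou=members, o=sonu.co.in
objectClass: top
objectClass: Organization
o: sonu.co.in
description: sonu.co.in ldap server
"""

# Sample input 2: constructed corrected version. The RDN attribute "ou" is
# now present and the object class matches it; the cn=Manager entry is an
# assumed illustration of a child entry whose parent is defined first.
FIXED_STRUCTURE_LDIF = """\
dn: ou=members,o=sonu.co.in
objectClass: top
objectClass: organizationalUnit
ou: members
description: sonu.co.in ldap server

dn: cn=Manager,ou=members,o=sonu.co.in
objectClass: top
objectClass: organizationalRole
cn: Manager
"""


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: no spaces around commas, lower case."""
    norm = []
    for rdn in (r.strip() for r in dn.split(",") if r.strip()):
        attr, _, value = rdn.partition("=")
        norm.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(norm)


def parse_ldif(text: str) -> List[Tuple[str, Attrs]]:
    """'dn:' opens an entry, a blank line closes it, a leading space continues
    the previous value. Attribute names are lower-cased; values are kept."""
    entries: List[Tuple[str, Attrs]] = []
    dn, attrs, last_key = None, {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs, last_key = None, {}, None
            continue
        if line.startswith(" ") and last_key is not None:
            if last_key == "dn":
                dn += line[1:]
            else:
                attrs[last_key][-1] += line[1:]
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn, attrs = value, {}
        else:
            attrs.setdefault(key, []).append(value)
        last_key = key
    if dn is not None:
        entries.append((dn, attrs))
    return entries


def check_ldif(text: str, suffix: str) -> List[str]:
    """Return a list of problems; an empty list means the checks all passed."""
    problems: List[str] = []
    suffix_n = normalize_dn(suffix)
    seen = {suffix_n}  # the database root needs no parent inside the DB
    for dn, attrs in parse_ldif(text):
        dn_n = normalize_dn(dn)
        # 1. DN must be the suffix or sit below it.
        if not (dn_n == suffix_n or dn_n.endswith("," + suffix_n)):
            problems.append(f"{dn}: outside suffix {suffix}")
        # 2. The RDN attribute/value pair must be present in the entry.
        rdn_attr, _, rdn_val = dn_n.split(",", 1)[0].partition("=")
        if rdn_val not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            problems.append(f"{dn}: naming attribute '{rdn_attr}' with value "
                            f"'{rdn_val}' not present in entry (namingViolation)")
        # 3. Parent must already be defined, unless this is the suffix entry.
        if dn_n != suffix_n:
            parent = dn_n.split(",", 1)[1] if "," in dn_n else ""
            if parent not in seen:
                problems.append(f"{dn}: parent '{parent}' not defined before it")
        if "objectclass" not in attrs:
            problems.append(f"{dn}: no objectClass")
        seen.add(dn_n)
    return problems


if __name__ == "__main__":
    for name, ldif in (("posted", POSTED_STRUCTURE_LDIF),
                       ("fixed", FIXED_STRUCTURE_LDIF)):
        print(name, check_ldif(ldif, SUFFIX) or "OK")
```

The checker is deliberately narrow: it does not load the schema, so it cannot tell you that "Organization" lacks an "ou" attribute, only that the RDN value is missing from the entry, which is the condition slapd enforces regardless of object class. Run it against any LDIF you intend to feed to the OpenCA LDAP export, with the suffix taken from the same slapd.conf that server actually reads.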
