Hello,

Quoting PavanKumar Sura <[EMAIL PROTECTED]>:

> Hai Michael,
> 
> In my previous message about LDAP configuration you wrote:
> 
> ======================================================================
> LDAP is optional. You must only configure the LDAP-server, start the
> LDAP-server and set the correct options in
> OPENCADIR/etc/servers/ldap.conf and OPENCADIR/etc/servers/online.conf
> =====================================================================
> 
> Also in some other reply in the archive, when asked about how to configure
> openca-0.9-RC2 with openldap 2-23-4, you wrote:
> 
> ==================================================================
> If you still use 0.9.0 then you must do the following:
> 
> 1. configure your slapd.conf
> 
> 2. install OpenCA and edit OPENCADIR/etc/servers/ldap.conf and
> OPENCA/etc/servers/online.conf (you must change the variables described
> in the OpenCA-guide)
> 
> 3. you must initialize your LDAP-server with a minimal LDIF-file. If you
> use a newer RC or 0.9.0 then OpenCA can do this for you automatically.
> ======================================================================
> 
> I am new to OpenLdap and a bit confused about many issues. I have gone through
> docs, guides and faqs but am still unable to set up LDAP for openca in unix.
> Here are my questions:
> 
> Q1>
> I downloaded openldap-2.1.3 and untarred it. Now I have to make some changes
> in the slapd.conf file as you wrote. Slapd.conf is in the path to
> openldap-2.1.3/servers/slapd/ directory. Did you mean to modify this file?
I've used the one in openca/contrib,
then made the following changes to make it work with openldap-2.
Using the provided includes:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema

changing this line:
index   cn,sn,uid,mail                       eq,subinitial 
( adding eq,subinitial )


> 
> Q2>
> I changed last three lines in the below section under ldbm database 
> definitions in slapd.conf. Is that all I need to modify in slapd.conf
> 
> database      bdb
I use ldbm.
> suffix                "dc=ODU,dc=EDU"
> rootdn                "cn=Manager,dc=ODU,dc=EDU"
> rootpw                openca
Specify the directory where the database should reside:
directory /usr/local/ldap-db
(for example; then create it)



> 
> Q3>
> Also I am using Berkeley database which I installed in unix. In the above 
> section will "bdb" do or should I have to give path to any file of 
> Berkeley Database. Note that none of my dependent tools are in default 
> location. That is I installed most of the software including perl in my 
> account space and they do not generally reside in /usr/local/etc...
> Also I installed OpenSSL under my home path in a specific directory.
> So my question is what all options should I supply while executing 
> ./configure. Also do I have to set any env option before configure? I would 
> appreciate it if you can provide all the options that I need to use after 
> ./configure and the env option before ./configure
>

 
> Q4>
> In the second step above you asked to install OpenCA after configuring 
> slapd.conf. When shall I install OpenLdap then? I do not see any 
> OPENCADIR/etc/ directory. I am assuming that it will be created once I 
> install openLdap. Is that right?

Just do a make install
(all the stuff will go to /usr/local/openca)

> Q5>
> Also do I have to install any modules to integrate OpenLdap, OpenCA and 
> Apache? If so which ones? Any links to the modules?

Check this link:
http://authzldap.othello.ch/
OpenCA publishes the cert in the LDAP dir,
then Apache matches the credentials provided by the visitor against the
directory and the CA cert provided by OpenCA.

If someone knows something better ... :-)


> Q6>
> In the last step you said "you must initialize your LDAP-server with a 
> minimal LDIF-file." I am really not clear what you meant here about 
> initializing LDAP-server with minimal LDIF file.

You can modify the ldif present in the openca/contrib dir, then
initialize the ldbm by issuing:
slapadd -f /your/slapd.conf -l path/to/your/ldif

Remember you can use the -d (debug) thing if something goes wrong.


> 
> Q7>
> Also I cannot use the default 3 digit port for LDAP server. Where do I make 
> changes to use a different port (4 digit one). After issuing the last 'make
> install' command in Ldap directory do I have to start Ldap server with any 
> command? If so what command and how?

Prefer the default one, so the clients (Outlook) can by default access it
without changing the port.
 

> Q8>
> You wrote that "If you use a newer RC or 0.9.0 then OpenCA can do this 
> (initialize your LDAP-server with a minimal LDIF-file) for you 
> automatically". I am using openca-0.9-SNAP-20020717. Do I have to use still 
> newer version? If yes I already installed openca-0.9-SNAP-20020717 as CA and
> generated the certificates for RA and CA. Can I use a different (newer) 
> version for RA and still have openca-0.9-SNAP-20020717 for CA?
> 
> Thank you very much Michael for your time. I am desperately waiting to see 
> the RA server online with or without Ldap support. I am confused with all 
> the configurations right now :( and have little or no time to show this work
> to my professor..
> 
> Pavan Sura
> Masters in Computer Science
> Old Dominion University
> Norfolk, Virginia.
> Email: [EMAIL PROTECTED]
> 


Cyril 
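
The initialization described in the Q6 answer, as an added example that is not part of the original message or of OpenCA's contrib files: a shell script that writes a minimal LDIF for the suffix and rootdn quoted in the thread and loads it with slapadd. The organization name, the output file name and the SLAPD_CONF path are assumptions.

```shell
#!/bin/sh
# Added example: minimal LDIF for the suffix in slapd.conf, loaded offline.
# SUFFIX and ROOTDN are the values quoted in the thread; SLAPD_CONF, LDIF and
# the organization name are placeholders (assumptions).
SUFFIX="dc=ODU,dc=EDU"
ROOTDN="cn=Manager,$SUFFIX"
SLAPD_CONF="${SLAPD_CONF:-/your/slapd.conf}"
LDIF="${LDIF:-./base.ldif}"

# Print the value of the first RDN of a DN: "dc=ODU,dc=EDU" -> "ODU"
first_rdn_value() {
    printf '%s\n' "$1" | sed -e 's/,.*$//' -e 's/^[^=]*=//'
}

# Emit the suffix entry (it must exist before anything can be added beneath
# it) and, by convention, an entry for the rootdn.
make_base_ldif() {
    suffix=$1
    rootdn=$2
    cat <<EOF
dn: $suffix
objectClass: top
objectClass: dcObject
objectClass: organization
dc: $(first_rdn_value "$suffix")
o: Example Organization

dn: $rootdn
objectClass: top
objectClass: organizationalRole
cn: $(first_rdn_value "$rootdn")
EOF
}

load_base_ldif() {
    command -v slapadd >/dev/null 2>&1 || { echo "slapadd not found" >&2; return 1; }
    [ -r "$SLAPD_CONF" ] || { echo "cannot read $SLAPD_CONF" >&2; return 1; }
    make_base_ldif "$SUFFIX" "$ROOTDN" > "$LDIF"
    # slapadd writes the database files directly, so run it while slapd is stopped.
    slapadd -f "$SLAPD_CONF" -l "$LDIF"
}

# Load only when asked ("sh script.sh load"), so sourcing has no side effects.
if [ "${1:-}" = "load" ]; then
    load_base_ldif
fi
```

The dc value in the first entry has to match the first component of the suffix line in slapd.conf, which is why it is derived from SUFFIX rather than typed twice.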





