Hi, It's like I am talking to my self..:-) (third posting to myself..:))
Anyway, I was looking at the message that I posted and found that in my openca config file the option --with-ldap-root="cn=Manager, o=ODU PKI ,c=US" \ has o=ODU PKI , I mean the coma ',' is after a white space after the value ODU PKI. Is that a problem? Is that why openCA read is as just o=ODU as it adds jut o=ODU in the ldap.conf under OpenCA/etc/srever of OpenCA root directory. ***More details below.. Thanks a lot... Pavan Sura. From: "PavanKumar Sura" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [Openca-Users] Improting configuration on RA: Ldap error: Failed in Bind: 2 Date: Sun, 08 Sep 2002 19:23:56 -0400 Hi, After going through the archieves of OpenLdap I figured out the Bind 2 error problem. Some one asked to add "allow bind_v2" in the slapd.conf file and now __IT WORKS after adding this line. It looks like OpenCA by default is looking for version 2 of Ldap and in Ldap, version 2 is disabled by default. I didnot know how to enable version 3 of Ldap in openca so after making slapd.conf to accept version 2 requests it works. I __DONOT get the error in the __FIRST line below anymore "Importing CA-Certificates into ldap ... Failed in Bind: 2 Cannot write CA-Certificate 75a5cb34d97a8ba44c4279fcb32eb8f4 to LDAP" But the second line still shows up when i tried to import the configuration on htdocs-online site (RAServer Init). The problem I geuss is that the CA cert has O=ODU in it and in the slapd.conf I have: database bdb suffix "o=ODU PKI, c=US" rootdn "cn=Manager, o=ODU PKI, c=US" rootpw secret And in my openca configure file I gave the following ldap options --with-ldap-url=dot.cs.odu.edu \ --with-ldap-port=9009 \ --with-ldap-root="cn=Manager, o=ODU PKI ,c=US" \ --with-ldap-root-pwd="secret" \ As I mentioned in my previous mail, When I checked my ldap.conf file under etc/srever of OpenCA I found that the basedn is set to "o=ODU, c=US" (which is done automatically while installing OpenCA). But if I am correct this should be same as suffix of slapd.conf of ldap (as seen above) o=ODU PKI unlike 0=ODU here I guess openca is missing to add the PKI part of 0=ODU PKI while installing OpenCA. Now I am ready to reinstall OpenCA with modified options changing o=ODU PKI to 0=ODU as my CA certificate has o=ODU. But before that I would appreciate if some one could clarify me with the below two more doubts. I can then modify any files if required and reinstall OpenCA. I asked these questions in my previous mail also... 1. when i looked at certsMail file under OpenCA/lib/servers/ra directory it read the following urls besided other information ======================================================================= "follow the proposed link to import the certificate directly from the server https://dot.cs.odu.edu/cgi-bin/cgi-public/pki?cmd=getcert&key=@SERIAL@&type=CERTIFICATE Please, import the CA certificate (or the PKI chain) from our server to check the correctness of your certificate: https://dot.cs.odu.edu/htdocs-public"; ====================================================================== those links won't work as my htdocs-public is running on port 8888. It shoud be some thing like https://dot.cs.odu.edu:8888/htdocs-public 2. in the https://dot.cs.odu.edu:4443/htdocs-ldap/ page in the Utilities part, the Ldap Search link is not seen...I just see a plain "Ldap Search" text without any link to it...? Any pointers.. Also i donot if this is an error but the slapd deamon shows this line for any requet: ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable) Thanks a lot for all your help. Pavan Sura. _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users Pavan Sura Masters in Computer Science Old Dominion University Norfolk, Virginia. Email: [EMAIL PROTECTED] _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
