Ron Gedye wrote:
> 
> Well on the way to getting everything complete.  I have a question regarding
> LDAP.
> When doing a query, I note that each (user) appears twice, one without the
> cert & one with.
> What causes this and is there any way to change this behavior (using default
> ldap base, etc. 0.9.1 RC4 on Redhat 7.2)

Every user appears "twice" because the DNs have the following structure:

serialNumber=123, cn=Ron Gedye, ou=...

The ldap-code must build a complete tree in your ldap-server.

1. cn=Ron Gedye, ou=...
2. serialNumber=123, ou=...

The second dn is the one which stores your certificate. This is
necessary because OpenSSL allows only one valid certificate for each dn.
This is no problem for the first time but if you need a second
certificate or you want to renew your certificate then you have a
problem if you only use your name to make your dn unique.

If you are sure that you have no problems with this then you can
deactivate the adding of the serial in ra.conf and ca.conf
(SET_CERTIFICATE_SERIAL_IN_DN).

We activated it by default to avoid such problems for users who don't
know all the details of OpenSSL.

Regards,

Michael
-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                       http://www.openca.org
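
The tree structure described in the reply above, as an added Python example that is not part of the original message or of OpenCA's code: it lists the parent entries a serial-number DN needs and collapses the "duplicate" search results into one name entry per user with its certificate entries. The base DN `o=Example,c=DE`, the sample results and the attribute name `userCertificate;binary` are assumptions made for illustration.

```python
import re

# Constructed search results (not from the original post): DN -> attributes.
# The base "o=Example,c=DE" and the attribute name "userCertificate;binary"
# are assumptions for illustration.
SAMPLE = {
    "cn=Ron Gedye,ou=Users,o=Example,c=DE": {"cn": ["Ron Gedye"]},
    "serialNumber=123,cn=Ron Gedye,ou=Users,o=Example,c=DE": {
        "cn": ["Ron Gedye"], "userCertificate;binary": [b"<DER 123>"]},
    "serialNumber=456,cn=Ron Gedye,ou=Users,o=Example,c=DE": {
        "cn": ["Ron Gedye"], "userCertificate;binary": [b"<DER 456>"]},
}

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def parent_dn(dn):
    """DN of the entry directly above `dn` (empty string at the root)."""
    return ",".join(split_dn(dn)[1:])

def required_ancestors(dn, base):
    """Entries between `base` and `dn` that must exist before `dn` is added."""
    chain, cur = [], parent_dn(dn)
    base_norm = ",".join(split_dn(base))
    while cur and cur != base_norm:
        chain.append(cur)
        cur = parent_dn(cur)
    return chain[::-1]  # top-down order, as they would have to be created

def certs_by_subject(results, cert_attr="userCertificate;binary"):
    """Map each name entry to the serialNumber entries that hold its certs."""
    grouped = {}
    for dn, attrs in results.items():
        norm = ",".join(split_dn(dn))
        is_serial = split_dn(dn)[0].lower().startswith("serialnumber=")
        if is_serial and cert_attr in attrs:
            grouped.setdefault(parent_dn(norm), []).append(norm)
        else:
            grouped.setdefault(norm, [])
    return grouped

if __name__ == "__main__":
    for subject, cert_dns in certs_by_subject(SAMPLE).items():
        print(subject, "->", cert_dns)
```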

