Re: [Openca-Users] ldap

Wed, 11 Sep 2002 06:31:09 -0700 

Thank you once again for your response.

Ron
----- Original Message -----
From: "Michael Bell" <[EMAIL PROTECTED]>
Cc: "OpenCA" <[EMAIL PROTECTED]>
Sent: Wednesday, September 11, 2002 2:38 AM
Subject: Re: [Openca-Users] ldap


> Ron Gedye schrieb:
> >
> > Well on the way to getting everything complete.  I have a question
regarding
> > LDAP.
> > When doing a query, I note that each (user) appears twice, one without
the
> > cert & one with.
> > What causes this and is there any way to change this behavior (using
default
> > ldap base, etc.0.9.1 RC4 on Redhat 7.2)
>
> Every user appears "twice" because the DNs have the following structure:
>
> serialNumber=123, cn=Ron Gedye, ou=...
>
> The ldap-code must build complete tree in your ldap-server.
>
> 1. cn=Ron Gedye, ou=...
> 2. serialNumber=123, ou=...
>
> The second dn is the one which stores your certificate. This is
> necessary because OpenSSL allows only one valid certificate for each dn.
> This is no problem for the first time but if you need a second
> certificate or you want to renew your certificate then you have a
> problem if you only use your name to make your dn unique.
>
> If you are sure that you have no problems with this then you can
> deactivate the adding of the serial in ra.conf and ca.conf
> (SET_CERTIFICATE_SERIAL_IN_DN).
>
> We activated it by default to avoid such problems for users which don't
> know all the details of OpenSSL.
>
> Regards,
>
> Michael
> --
> -------------------------------------------------------------------
> Michael Bell                   Email (private): [EMAIL PROTECTED]
> Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
> Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
> Unter den Linden 6             Fax:  +49 (0)30-2093 2959
> 10099 Berlin
> Germany                                       http://www.openca.org
>
>
> -------------------------------------------------------
> In remembrance
> www.osdn.com/911/
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>



-------------------------------------------------------
In remembrance
www.osdn.com/911/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to