I am a new user setting up 0.9.1 RC7 intending to deploy in a production environment. We are using dc=questra,dc=com for our base DN (as is recommended by just about every document I can find on the subject for modern installations) and it is a firm requirement that our CA's DN and those of the any role accounts, and issued certificates, be in OUs of this base.
However, it seems like the assumption of o=,l=,c= is pretty well ingrained into OpenCA. I find no reference to the newer dc= syntax anywhere in the documentation and it seems to make assumptions all over the place about the CA being set up to serve an o=,c= -style installation. I did find some vague references in mailing list archives saying that it might be possible to use dc= bases but there does not seem to be any concrete confirmation that this can work, or what about the install/configure/initialization procedures would have to change to accomodate this. It does look like I can do things like set DN_TYPE_BASE_BASE and other run-time config variables and possibly get it to do what I want, but I'm not sure if the auto-LDAP might break or what else might stop working because it makes assumptions about o=,c= syntax being used. Has anyone done this before and could assert that this was entirely possible before I go down this path. Any comments on how feasible it is to use this style or what special considerations must be made would be greatly appreciated. Thanks. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
