Scott McDermott wrote:
1. It works.However, it seems like the assumption of o=,l=,c= is pretty well ingrained into OpenCA. I find no reference to the newer dc= syntax anywhere in the documentation and it seems to make assumptions all over the place about the CA being set up to serve an o=,c= -style installation. I did find some vague references in mailing list archives saying that it might be possible to use dc= bases but there does not seem to be any concrete confirmation that this can work, or what about the install/configure/initialization procedures would have to change to accomodate this.
2. You have to do the following:
- fix the basedn in ldap.conf and online.conf (OPENCADIR/etc/servers, see details in actual OpenCA-guide)
- fix the ldap-URL in certsMails.txt (OPENCADIR/lib/servers/ra/mails)
- if you create the CA-cert then you must enter your DN at the last step when the dialog ask you to confirm the complete DN.
Where does the system make assumptions about o=,c= syntax? Basic request (basic_csr) is completely configurable. Perhaps IE- and SPKAC-requests are problematical but this is fixable.It does look like I can do things like set DN_TYPE_BASE_BASE and other run-time config variables and possibly get it to do what I want, but I'm not sure if the auto-LDAP might break or what else might stop working because it makes assumptions about o=,c= syntax being used.
Best regards
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
-------------------------------------------------------
This sf.net email is sponsored by: Are you worried about your web server security? Click here for a FREE Thawte Apache SSL Guide and answer your Apache SSL security needs: http://www.gothawte.com/rd523.html
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
