hello i think you are right. and it might introduce problems to my production setup in the future as well.
martin lizner www.anect.com czech rep. On Thu, 13 Feb 2003, Francis Thebault wrote: > Thank You for your reply. > > I have tried what you state below, but if the object already exists in the > tree, OpenCA wants to add (ldap-utils.lib) the object instead of modifying > the object and adding the certificate as an attribute to the object. Of > course an error occurs and it fails. > There doesn't seem to be a way that I can see (without alterations or > scripting) to allows this to happen. Am I right or am I missing something? > > Also I noticed that the objects are always a person (inetOrgPerson) even > though it could be a router or whatever. > There doesn't seem to be a way of specifying (that I can see) that an > object could have a "SUP top AUXILIARY" instead of "SUP top STRUCTURAL" > Am I right? > > If this is the case, I guess allowing OpenCA create a different tree in > the same LDAP server is the solution, but I just want to make sure. > > Thanks and good day to all > > Francis Thebault > > > > > > Martin Lizner <[EMAIL PROTECTED]> > 13.02.2003 09:41 > > Pour : Francis Thebault <[EMAIL PROTECTED]> > cc : [EMAIL PROTECTED] > Objet : Re: [Openca-Users] Existing LDAP tree structure > > > hello > > it's possible. you've got to follow the hierarchy in you ldap tree - dn of > your certificates has to respect ldap tree, ie if your ldap tree is: > > o=organization,c=country > > your openca should produce certificates with dn ie: > > [EMAIL PROTECTED],cn=name > surname,ou=department,o=organization,c=country > > you can configure openca for your ldap at compile time (follow configire > options) or afterwards in $your_openca_directory/etc/servers/*.conf > > if certificate's dn does not respect your ldap tree you can still add it > to ldap with modified dn manually via ra interface, possibly you can > create script for many certificates to add. i have no expirience with > that, escpecially what is the behaviour of clients looking up certificates > with modified dn in ldap. > > martin lizner > www.anect.com > czech rep. > > On Wed, 12 Feb 2003, Francis Thebault wrote: > > > Hello, > > > > I would like to find out if it is possible to add certificates created > > with OpenCA to an already existing LDAP tree structure. > > Is OpenCA configurable to allow this flexibility? > > > > Thank You and Best Regards > > > > Francis Thebault > > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
