Francis Thebault wrote:
OpenCA usually checks for the existence of the object in the function addLDAPobject in ldap-utils.lib. If you are sure that OpenCA tries to add the object again then please activate the debugging in the function by setting $DEBUG to a true value and send the output to the list. I have no problem with LDAP updates.
I have tried what you state below, but if the object already exists in the tree, OpenCA wants to add (ldap-utils.lib) the object instead of modifying the object and adding the certificate as an attribute to the object. Of course an error occurs and it fails.
There doesn't seem to be a way that I can see (without alterations or scripting) to allow this to happen. Am I right or am I missing something?
Also I noticed that the objects are always a person (inetOrgPerson) even though it could be a router or whatever.
The reason for using inetOrgPerson is the existence of the attribute userCertificate. If the object already exists then we don't modify the objectclasses. If you need a special structure then you must generate the ldap tree by yourself and then run OpenCA, which only exports the certs to the directory server.
There doesn't seem to be a way of specifying (that I can see) that an object could have a "SUP top AUXILIARY" instead of "SUP top STRUCTURAL"
Am I right?
If this is the case, I guess allowing OpenCA create a different tree in the same LDAP server is the solution, but I just want to make sure.
No, the behaviour which you describe is a bug.
Best regards
Michael
P.S. I added a new section to the OpenCA Guide which describes the configuration of OpenCA for dc-style.
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
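
The add-versus-modify decision discussed in this message, as an added example that is not OpenCA's code and not part of the original e-mail: it takes the result of a base-scope search on the DN and returns the LDIF change record an exporter would send, leaving existing object classes untouched. The function name, the return labels and the `CERT_CLASSES` set are assumptions made for illustration; `pkiUser` and `strongAuthenticationUser` are the standard AUXILIARY classes that carry `userCertificate`.

```python
import base64

# Object classes whose schema permits userCertificate (RFC 2798, RFC 4523).
CERT_CLASSES = {"inetorgperson", "pkiuser", "strongauthenticationuser"}

# Constructed placeholder bytes, not a real DER certificate.
SAMPLE_DER = b"constructed-not-a-real-certificate"


def export_cert(dn, entry, cert_der, cn="", sn=""):
    """Decide how to publish cert_der at dn and return (action, ldif).

    entry is the result of a base-scope search on dn: a dict mapping
    attribute names to lists of values (bytes for certificates), or None
    when no such object exists. ASCII DNs and names are assumed.
    """
    b64 = base64.b64encode(cert_der).decode("ascii")
    if entry is None:
        # No object yet: create one. inetOrgPerson requires cn and sn.
        lines = [f"dn: {dn}", "changetype: add",
                 "objectClass: top", "objectClass: person",
                 "objectClass: organizationalPerson",
                 "objectClass: inetOrgPerson",
                 f"cn: {cn}", f"sn: {sn}",
                 f"userCertificate;binary:: {b64}"]
        return "add", "\n".join(lines) + "\n"

    attrs = {k.lower(): v for k, v in entry.items()}
    held = attrs.get("usercertificate;binary", []) + attrs.get("usercertificate", [])
    if cert_der in held:
        # Re-adding an existing value fails with attributeOrValueExists.
        return "noop", ""

    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if not classes & CERT_CLASSES:
        # Object classes are left alone, so the add would violate the schema.
        return "schema-conflict", ""

    # Object exists and may hold certificates: add the value, nothing else.
    lines = [f"dn: {dn}", "changetype: modify",
             "add: userCertificate;binary",
             f"userCertificate;binary:: {b64}", "-"]
    return "modify", "\n".join(lines) + "\n"
```

A "schema-conflict" result corresponds to the case raised in the thread: a pre-built entry such as a router object needs an auxiliary class carrying `userCertificate` before the export can succeed.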
