> Must the entry for the CA exist in the LDAP base or is it created
> automatically?
It will be created automatically. Because we have a running ldap installation we use "o=name of ca, ou=trustcenter, o=xtelligent, c=de" and it works fine. But you must have
a) Working ldap directory
Check with tools like LDAPbrowser (from README, perhaps it has changed: http://www.iit.edu/~gawojar/ldap/download.html) and switch your ldap server to debugging mode (OpenLDAP: start slapd with "#> /usr/lib/openldap/slapd -d 1|2|4|8" - each bit triggers debugging of other information).
b) working openca ldap config like noted in OpenCA Guide
c) working openca config: in ca.conf, ra.conf and pub.conf you must have modified all stanzas like
-----------------------
DN_TYPES "BASIC"
DN_TYPE_BASIC_BODY "YES"
DN_TYPE_BASIC_KEYGEN_MODE "SERVER"
DN_TYPE_BASIC_KEYGEN_SHEET "/pki/Xtelligent_Root_CA/openca/lib/servers/ca/sheets/basic_csr_confirm_request.html"
# Here the modification begins
DN_TYPE_BASIC_BASE "O" "OU" "O" "C"
# [snipped]
DN_TYPE_BASIC_BASE_1 "Xtelligent Root CA"
DN_TYPE_BASIC_BASE_2 "Trustcenter"
DN_TYPE_BASIC_BASE_3 "Xtelligent"
DN_TYPE_BASIC_BASE_4 "DE"
# Not modified
DN_TYPE_BASIC_ELEMENT_1 "E-Mail"
DN_TYPE_BASIC_ELEMENT_2 "Name"
DN_TYPE_BASIC_ELEMENT_3 "Certificate Request Group"
# modified
DN_TYPE_BASIC_ELEMENT_3_SELECT "TCOperating"
------------------
The last entry defines the ou below the ca for newly generated ldap items. You must look for entries beginning with "DN_TYPE_BASIC...", "DN_TYPE_TOKEN...", "DN_TYPE_SPKAC...", "DN_TYPE_IE..."
I hope this helps! It's not easy if you haven't any experience in configuring openldap or similar products... I had only ldap related errors (wrong basedn, wrong authentication, wrong hierarchy definition) - no openca related ones!
Regards, Gottfried
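
An added example, not part of the original thread or of OpenCA's own code: a small check that rebuilds the base DN from each DN_TYPE_*_BASE stanza described above and reports the types whose base does not sit under the directory suffix. The sample config (including the TOKEN values), the suffix and the use of several values in DN_TYPES are constructed assumptions.

```python
import shlex

# Constructed sample modelled on the stanza quoted above; the TOKEN block
# deliberately keeps a different base to show what the check catches.
SAMPLE_CONF = '''
DN_TYPES "BASIC" "TOKEN"
# Here the modification begins
DN_TYPE_BASIC_BASE "O" "OU" "O" "C"
DN_TYPE_BASIC_BASE_1 "Xtelligent Root CA"
DN_TYPE_BASIC_BASE_2 "Trustcenter"
DN_TYPE_BASIC_BASE_3 "Xtelligent"
DN_TYPE_BASIC_BASE_4 "DE"
DN_TYPE_TOKEN_BASE "O" "C"
DN_TYPE_TOKEN_BASE_1 "OpenCA"
DN_TYPE_TOKEN_BASE_2 "IT"
'''

def parse_conf(text):
    """Map each KEY to its list of quoted values, skipping comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *values = shlex.split(line)
        conf[key] = values
    return conf

def base_rdns(conf, dn_type):
    """Pair DN_TYPE_<type>_BASE attributes with their _BASE_<n> values."""
    attrs = conf.get(f"DN_TYPE_{dn_type}_BASE", [])
    return [(attr.lower(), (conf.get(f"DN_TYPE_{dn_type}_BASE_{i}") or [""])[0].lower())
            for i, attr in enumerate(attrs, start=1)]

def check_bases(text, suffix):
    """Return {dn_type: configured base} for bases not under the suffix.

    Simplification: RDN values containing commas are not handled.
    """
    conf = parse_conf(text)
    want = [tuple(p.strip().lower() for p in rdn.split("=", 1))
            for rdn in suffix.split(",")]
    problems = {}
    for dn_type in conf.get("DN_TYPES", []):
        rdns = base_rdns(conf, dn_type)
        if rdns[-len(want):] != want:
            problems[dn_type] = ", ".join(f"{a}={v}" for a, v in rdns) or "no base configured"
    return problems
```

Calling check_bases(SAMPLE_CONF, "o=Xtelligent, c=DE") flags only the TOKEN type, whose base was left unmodified in the sample.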
Pascal VERRECCHIA wrote:
Thank you! I'm going to change my file and try it again! Must the entry for the CA exist in the LDAP base or is it created automatically?
Pascal VERRECCHIA
-------------------
Pascal VERRECCHIA wrote:
Hello everybody! I have a problem and I hope you could help me! I have installed OpenCA on my computer without problems (at last!) and I'm going to configure my CA and RA. I have used the instructions of the OpenCA Guide and all is good until I try to Initialize Database of RA. I have pointed my browser to http://pivert/ra_node (pivert is the name of my computer and it is the equivalent of ra.results-security.de in the OpenCA Guide). I have clicked on the link Server init and Initialize Database, I have put in the floppy from ca, created above. I have configured my ldap-server (slapd.conf, ldap.conf, ca_node.conf, ra_node.conf) for the port, the LDAP server name, the LDAP default base, the ldaproot, the ldappwd, ... I have used the link Server init, but when I use the link Import Configuration, all is good until I have the error message:
Cannot write CA-Certificate leba2280277ea2848fe893579111638e to LDAP
and the rest is OK... What is the problem? What can I do to solve it?
Ok, fast off list ...
Do you have the most recent ldap-utils.lib? We made a lot of fixes after 0.9.1.1 because there were many problems with our LDAP-code. I attached the most recent version which is part of the upcoming 0.9.1.2.
Another common problem is LDAP v3. We activated LDAP v2 by default but a lot of new Linux distros only activate LDAP v3 in slapd.conf.
Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre)             Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                        http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
