Re: [Openca-Users] problem writing ca certificate on ldap

[Alexandre Thaveau]

hi, sorry for annoying you with that again but it still not working. I used the file PKIschema in my ldap(i include it into slapd.conf) and copy the ldap-utils.lib into ...../ra/OpenCA/lib/functions i still have an error when i try to import configuration from floppy disk: Test the archive ... /bin/tar -tvf /dev/fd0 Importing archive ... Load required variables ... Changing to directory /srv/ra//OpenCA/var/tmp/tmp_31851 ... Running the import command(s) ... /bin/tar -xvf /dev/fd0 -C /srv/ra//OpenCA/var/tmp/tmp_31851 Importing the RBAC-configuration ... Ok. LDAP-support is activated Automatic LDAP-update is activated Importing valid CA_CERTIFICATE ... WARNING: Cannot update object but object is present in database FILE: /srv/ra//OpenCA/var/tmp/tmp_31851/CA_CERTIFICATE/VALID/0e6caea2b695d280ef704c7fed0b0738.pem Importing CA-Certificates into ldap ... ldap-utils.lib: LDAP_get_ca: try to determine the newest CA-cert ldap-utils.lib: LDAP_get_ca: check NOTBEFORE 20030716134337 ldap-utils.lib: LDAP_get_ca: newer ca-cert found ldap-utils.lib: LDAP_get_ca: notbefore: 20030716134337 ldap-utils.lib: LDAP_get_ca: ca: OpenCA::X509=HASH(0x8b51d18) ldap-utils.lib: LDAP_get_ca: return newest ca Information of the Object: dn [EMAIL PROTECTED],CN=ca,OU=objectweb,O=inria,C=FR cn ca serID 0 email [EMAIL PROTECTED] ou ARRAY(0x8b6d804) o inria l st c FR End of the information of the Object. element of baseDN: o=inria element of baseDN: c=FR element of the inserted DN: [EMAIL PROTECTED] element of the inserted DN: CN=ca element of the inserted DN: OU=objectweb element of the inserted DN: O=inria element of the inserted DN: C=FR Checking RootDN of Certificate ... Inserted DN BaseDN h_basedn: FR h_dn: FR h_basedn_attribute: c h_dn_attribute: C h_basedn: inria h_dn: inria h_basedn_attribute: o h_dn_attribute: O Checking the length of the DN of the Certificate ... Building the missing nodes of the LDAP-tree ... Try to add o=inria, c=FR ... LDAP Schema DN: o=inria, c=FR node doesn't exist Attributes for the insertion: o = inria authorityRevocationList;binary = certificateRevocationList;binary = cACertificate;binary = objectclass = ARRAY(0x8b7cbf0) Must setup a CA-cert The resultcode of the nodeinsertion was 32. addLDAPattribute: DN= [EMAIL PROTECTED],cn=ca,ou=objectweb,o=inria,c=FR attr: cACertificate;binary LDAP Searchfilter: (cACertificate;binary=*) LDAP Search Mesg-Code 32 LDAP Search Mesg-Count 0 Search for the attribute failed. Cannot write CA-Certificate 0e6caea2b695d280ef704c7fed0b0738 to LDAP Make CA-Certificate available on the server ...OK. Re-Building CA Chain ... Ok. Clean up ...Ok. thank you for any help. alex Michael Bell wrote: Alexandre Thaveau wrote: hi michael, thank for your answer. I don't very well ldap, where i have to copy the schema file? I can't find a file like "thefile.schema" related to openca. The schema file is for the directory server. Our schema file is for OpenLDAP. You have to include this file in the list of loaded schemas in slapd.conf. This file is usually in /etc/openldap/. If you have OpenLDAP v2+ then you can find the schemas in /etc/openldap/schema/ Michael