hi, I'm using OpenCA 0.9.1. I have a problem, i want to publish the certificates of users to ldap, but i have already the users on LDAP with their attributes. i whish that Openca publish only the certificate and not the other attributes such mail, i have restricted the access to the attribute mail for the user that access LDAP for OpenCA operations. the errors displayed by OpenCA are:
Exporting valid certificates to LDAP ... Certificate 6 FAILED (error 50: Insufficient access) and the LDAP output is: slapd[2572]: conn=38 fd=14 ACCEPT from IP=192.168.206.xxx:1182 (IP=:: 389) slapd[2594]: conn=38 op=0 BIND dn="cn=ldap,ou=altri,dc=unitn,dc=it" method=128 slapd[2594]: conn=38 op=0 AUTHZ dn="cn=ldap,ou=altri,dc=unitn,dc=it" mech=simple ssf=0 slapd[2594]: conn=38 op=0 RESULT tag=97 err=0 text= slapd[2604]: conn=38 op=1 SRCH base="dc=unitn,dc=IT" scope=0 filter="(objectClass=subschema)" slapd[2604]: conn=38 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[2597]: conn=38 op=2 SRCH base="ou=certification authority,dc=unitn,dc=IT" scope=0 filter="(objectClass=subschema)" slapd[2597]: conn=38 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[2595]: conn=38 op=3 SRCH base="cn=Ra admin,ou=certification authority,dc=unitn,dc=IT" scope=0 filter="(objectClass=subschema)" slapd[2595]: conn=38 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[2599]: conn=38 op=4 SRCH base="serialNumber=6,cn=Ra admin,ou=certification authority,dc=unitn,dc=IT" scope=0 filter="(objectClass=subschema)" slapd[2599]: conn=38 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[2572]: conn=39 fd=15 ACCEPT from IP=192.168.206.xxx:1183 (IP=:: 389) slapd[2572]: conn=38 fd=14 closed slapd[2611]: conn=39 op=0 BIND dn="cn=ldap,ou=altri,dc=unitn,dc=it" method=128 slapd[2611]: conn=39 op=0 AUTHZ dn="cn=ldap,ou=altri,dc=unitn,dc=it" mech=simple ssf=0 slapd[2611]: conn=39 op=0 RESULT tag=97 err=0 text= slapd[2598]: conn=39 op=1 SRCH base="serialNumber=6,cn=Ra admin,ou=certification authority,dc=unitn,dc=IT" scope=0 filter="(userCertificate;binary=*)" slapd[2598]: conn=39 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= slapd[2610]: conn=39 op=2 SRCH base="serialNumber=6,cn=Ra admin,ou=certification authority,dc=unitn,dc=IT" scope=0 filter="(mail=*)" slapd[2610]: conn=39 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= slapd[2607]: conn=39 op=3 MOD dn="serialNumber=6,cn=Ra admin,ou=certification authority,Dc=unitn,DC=IT" slapd[2607]: conn=39 op=3 RESULT tag=103 err=50 text= slapd[2572]: conn=39 fd=15 closed which file should i modify to allow only the user certificate update? and if possible to deny the creation of users that are not present in ldap? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
