Michael, I am testing LDAP with OpenCA again. I am using the default value DN_WITHOUT_EMAIL "Y" and I included these two objectClasses:

objectclass ( 1.2.840.113533.7.67.7
    NAME 'rfc822MailUser'
    SUP top AUXILIARY
    MAY ( rfc822Mailbox ) )

objectclass ( 1.2.840.113533.7.67.4
    NAME 'uniquelyIdentifiedUser'
    DESC 'OpenCA object'
    SUP top AUXILIARY
    MUST serialNumber )

It runs OK for users' certificates, but the CA's certificate is published only if I choose "Add to LDAP with modified DN" and erase the emailAddress. I used the objectClasses you've created, but it doesn't work either. The software is looking for the old ones. Where can I configure that the CA's certificate is also without email in the DN?

Another problem is that I can't publish the CRL either. I get this message:

-
Loading CRL ...
loaded CRL 7535e2812a67c407db01aace8b5e0b73
-
Checking the configuration for a special issuer ...
No special issuer was specified!
-
Pushing CRL 7535e2812a67c407db01aace8b5e0b73 to LDAP ...
Cannot write CRL to LDAP (error 32: No such object)
Last Update: Dec 3 21:17:17 2003 GMT
Next Update: Jan 2 21:17:17 2004 GMT

And the option "Add to LDAP with modified DN" doesn't work. What can I do?

Thanks!!!
Pat
