Re: [Openca-Users] LDAP

[Michael Bell]

Patricia wrote:
Michael, I am testing again LDAP with OpenCA. I am using the default 
value DN_WITHOUT_EMAIL "Y" and I included these two objectClasses:

objectclass ( 1.2.840.113533.7.67.7 NAME 'rfc822MailUser'
        SUP top AUXILIARY
        MAY ( rfc822Mailbox ) )
objectclass ( 1.2.840.113533.7.67.4 NAME 'uniquelyIdentifiedUser'
        DESC 'OpenCA object'
        SUP top AUXILIARY
        MUST serialNumber )
It runs OK for user's certificates, but the CA's certificate is 
published only if I choose "Add to LDAP with modified DN" and erase the 
emailAddress. I used the objectClasses you've created, but it doesn't 
work to. The software is looking for the old ones. Where can I configure 
that the CA's certificate is also without email in DN?
One moment please, I don't remember every mail. What is the style of 
your CA certificate subject (the DN of the CA cert)? Which version of 
OpenCA do you use. This is really important because there were some 
attempts to fix exactly such a problem in the last time and I have to 
now how I can simulate your problem.

Another problem is that I can't publish the CRL too, I get this message:

            Loading CRL ...

loaded CRL 7535e2812a67c407db01aace8b5e0b73              

            Checking the configuration for a special issuer ...

No special issuer was specified!

            Pushing CRL 7535e2812a67c407db01aace8b5e0b73 to LDAP ...

 Cannot write CRL to LDAP (error 32: No such object)
	Last Update: Dec  3 21:17:17 2003 GMT
	Next Update: Jan  2 21:17:17 2004 GMT 
This happens because the node for the CA certificate was not created in 
the LDAP tree. The CRL use the same node like the CA certificate.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users