I've set up 0.9.1-7 with most of the defaults, including the use of the old-style DNs.


Starting with an "empty" OpenLDAP database, and with debug on in the LDAP-related functions (Thanks, Michael!), I've gotten OpenCA to establish the root entry (o=Trident,c=US in my case) as well as the next entry (OU=intern,o=Trident,c=US). It now comes to creating an entry for the CA-Certificate in LDAP, and I get the following two lines from the slapd log. Note that my LDAP schema includes the pkiCA, pkiUser, and even the rfc822MailUser object classes; otherwise I would not have gotten past the root entry creation. Anyway, the issue according to the slapd log is that none of the object classes that OpenCA is using include an "email" attribute, which OpenLDAP is requiring because it is part of the DN.

My question: if OpenCA defaults to putting email in DN, then what LDAP object class did OpenCA expect to have an email attribute?

Here are the two relevant lines from the slapd log.
conn=0 op=5 ADD dn="[EMAIL PROTECTED],cn=ca,ou=intern,o=Trident,c=US"
conn=0 op=5 RESULT tag=105 err=64 text=naming attribute 'email' is not present in entry


Here's the debug info shown in the browser. Note that I added a loop that lists the objectclasses to complement the debug loop of the attributes. :)

Try to add [EMAIL PROTECTED],CN=ca,OU=intern,o=Trident, c=US ...
attribute: emailAddress
value: [EMAIL PROTECTED]
LDAP Schema DN: [EMAIL PROTECTED],CN=ca,OU=intern,o=Trident, c=US
node doesn't exist
Attributes for the insertion:
ou = intern
cn = ca
mail = [EMAIL PROTECTED]
objectclass = ARRAY(0x8d1c4e8)
Objectclasses for the insertion:
top
organizationalRole
rfc822MailUser
pkiCA
pkiUser
Must setup a CA-cert
The resultcode of the nodeinsertion was 64.


Cannot write CA-Certificate 510b56b8e9fdba7a91cda4f6e6c56d5f to LDAP


Thank you. Gene Hovey
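
As an added illustration that is not part of the original post or OpenCA's code: a pre-flight check in Python that mirrors the condition slapd reports as err=64, namely that every attribute in the leading RDN must also be present in the entry being added. The sample DN, the placeholder address and the alias map are constructed from the debug output above.

```python
def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped separators inside the parts."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur, i = cur + text[i:i + 2], i + 2
        elif text[i] == sep:
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + text[i], i + 1
    parts.append(cur)
    return parts

def leading_rdn(dn):
    """Return [(attr_type, value), ...] for the first RDN ('+' joins multi-valued RDNs)."""
    pairs = []
    for ava in split_unescaped(split_unescaped(dn, ",")[0], "+"):
        attr, _, value = ava.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def missing_naming_attrs(dn, entry, aliases=None):
    """List RDN attribute types whose value is absent from the entry (the err=64 case)."""
    aliases = aliases or {}
    canon = lambda name: aliases.get(name.lower(), name.lower())
    have = {}
    for name, vals in entry.items():
        vals = vals if isinstance(vals, list) else [vals]
        # Assumption: case-insensitive value comparison; real matching rules vary per attribute.
        have.setdefault(canon(name), set()).update(v.lower() for v in vals)
    return [canon(a) for a, v in leading_rdn(dn) if v.lower() not in have.get(canon(a), set())]

# Constructed sample modelled on the debug output; the address is a placeholder.
DN = "emailAddress=ca@example.org,CN=ca,OU=intern,o=Trident,c=US"
ENTRY = {"ou": "intern", "cn": "ca", "mail": "ca@example.org",
         "objectclass": ["top", "organizationalRole", "rfc822MailUser", "pkiCA", "pkiUser"]}
# Assumption taken from the logs: the debug output says 'emailAddress', slapd says 'email'.
ALIASES = {"emailaddress": "email"}

if __name__ == "__main__":
    print("naming attributes missing from entry:", missing_naming_attrs(DN, ENTRY, ALIASES))
```

On the sample, the entry carries `mail` but nothing under the RDN's attribute type, so the check flags `email` before the add is ever sent.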






_______________________________________________
Openca-Users mailing list [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users