I've set up 0.9.1-7 with most of the defaults, including the use of the old-style DNs.
Starting with an "empty" OpenLDAP database, and with debug on in the LDAP-related functions (Thanks, Michael!), I've gotten OpenCA to establish the root entry (o=Trident,c=US in my case) as well as the next entry (OU=intern,o=Trident,c=US). It now comes to creating an entry for the CA-Certificate in LDAP, and I get the following two lines from the slapd log. Note that my LDAP schema includes the pkiCA, pkiUser, and even the rfc822MailUser object classes; otherwise I would not have gotten past the root entry creation. Anyway, the issue according to the slapd log is that none of the object classes that OpenCA is using include an "email" attribute, which OpenLDAP is requiring because it is part of the DN.
My question: if OpenCA defaults to putting email in DN, then what LDAP object class did OpenCA expect to have an email attribute?
The objectclass for 0.9.1 was rfc822MailUser from Entrust. OpenCA 0.9.2 has its own objectclass for this case to support rfc822mailbox and pkcs#9 emailaddress. rfc822MailUser only supports rfc822MailBox. Please note that it is not recommended to include an email address in the subject of a certificate.
BTW, can you tell us which directory server you use? This helps us to write better documentation because we know which directory server can cause which problems. We know that OpenLDAP gets more strict from release to release, but we heard of one special side effect from Novell too.
Michael
--
Michael Bell
ZE Computer- und Medienservice (Computing Centre)
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
Email: [EMAIL PROTECTED]
Email (private): [EMAIL PROTECTED]
http://www.openca.org
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
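An added example (not part of the original thread and not OpenCA code): a pre-flight check that every attribute type in an entry's RDN is permitted by one of its object classes, which is the rule behind the slapd rejection discussed above. The schema map, the alias table, the class name `exampleMailObject` and the sample DN are constructed assumptions.

```python
import re

# Attribute-type aliases folded to one canonical lowercase name
# (assumption: modeled on the names in OpenLDAP's bundled schema files).
ALIASES = {"email": "emailaddress", "pkcs9email": "emailaddress",
           "rfc822mailbox": "mail", "commonname": "cn",
           "organizationalunitname": "ou", "organizationname": "o"}

# Constructed, simplified map: object class -> attribute types it permits.
# A real check would read MUST/MAY from the server's subschema entry.
SCHEMA = {
    "organizationalrole": {"cn", "ou", "description"},
    "pkica": {"cacertificate", "certificaterevocationlist",
              "authorityrevocationlist", "crosscertificatepair"},
    "rfc822mailuser": {"mail"},  # per the reply: rfc822Mailbox only
    # Hypothetical stand-in for the 0.9.2 class mentioned in the reply.
    "examplemailobject": {"mail", "emailaddress"},
}

# Constructed sample: an old-style DN with the email address as the RDN.
CA_DN = "email=ca@example.org,cn=Test CA,ou=intern,o=Trident,c=US"
OLD_CLASSES = ["organizationalRole", "pkiCA", "rfc822MailUser"]


def canon(attr):
    """Lowercase an attribute type and resolve known aliases."""
    a = attr.strip().lower()
    return ALIASES.get(a, a)


def rdn_attrs(dn):
    """Attribute types of the leftmost RDN (handles escaped ',' and '+')."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return [canon(ava.split("=", 1)[0])
            for ava in re.split(r"(?<!\\)\+", rdn)]


def unpermitted_rdn_attrs(dn, object_classes):
    """RDN attribute types that none of the entry's object classes permit."""
    allowed = set()
    for oc in object_classes:
        allowed |= SCHEMA.get(oc.lower(), set())
    return [a for a in rdn_attrs(dn) if a not in allowed]


if __name__ == "__main__":
    print(unpermitted_rdn_attrs(CA_DN, OLD_CLASSES))
    print(unpermitted_rdn_attrs(CA_DN, OLD_CLASSES + ["exampleMailObject"]))
```
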
