First a small hint - you can find our documentation in docs/guide/. There is a description of the options for the LDAP configuration too.
Paolo Prandini wrote:
I have one question: does someone know how to set up OpenLDAP and OpenCA to allow SSL certificate creation for web sites where O and OU are NOT the same as the CA?
Yes :)
I mean, I have a CA with O=SomeCompany,C=IT and I want to create a certificate for a website CN=www.someothercompany.com,O=SomeOtherCompany,C=IT, but the /pub interface asks for O=SomeCompany and does not like O=SomeOtherCompany. I can correct it with the /node interface, but then the certificate isn't published in the LDAP directory because of the O mismatch. I imagine it can be done, but I can't imagine how. Maybe someone had the same problem and can help us.
The solution includes two parts.
First you must prepare your LDAP server to support this feature. You can do this by setting the suffix to "c=it". This is really uncommon because such a general prefix is a problem if you want to integrate this directory with another directory later. OpenLDAP v2 supports another useful feature - you can configure more than one suffix. You can configure in your case a suffix O=SomeCompany,C=IT and a suffix O=SomeOtherCompany,C=IT. This is only supported by OpenLDAP v2. Don't try it with v1.
Second you must configure OpenCA to use this feature. This is like using OpenLDAP. If you configured "it" as suffix then you must configure this in suffix/dn in ldap.xml. If you configured two suffixes then you must create two dns for the suffix in ldap.xml. Example:
<suffix>
    <dn>O=SomeCompany,C=IT</dn>
    <dn>O=SomeOtherCompany,C=IT</dn>
</suffix>
If this doesn't work then it is a bug because it already worked.
By the way, we have some fixes for the latest release 0.9.2 RC3 and most of the locale for it_IT; we will send it as soon as possible.
Help is always welcome. Did you already merge it with the latest openca.po in it_IT? I finished yesterday the first complete translation for German and found some bugs in the error messages of AC.pm.
Thanks in advance
Michael
--
Michael Bell                                Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice              Tel.: +49 (0)30-2093 2482
(Computing Centre)                          Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                                Email (private): [EMAIL PROTECTED]
Germany                                     http://www.openca.org
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
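The suffix matching described in the reply above, as an added example that is not part of the original message and is not OpenCA code: it reads the `<dn>` entries under `<suffix>` and reports whether a certificate subject falls under one of them, which is the condition the O mismatch breaks. The `<ldap>` wrapper element and all function names are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the <suffix> element comes from the message above;
# the <ldap> wrapper is an assumption so the fragment parses stand-alone.
LDAP_XML = """<ldap>
  <suffix>
    <dn>O=SomeCompany,C=IT</dn>
    <dn>O=SomeOtherCompany,C=IT</dn>
  </suffix>
</ldap>"""


def parse_dn(dn):
    """Split a DN into normalized (type, value) RDNs.

    Simplified: commas escaped with a backslash are kept inside the value,
    comparison is case-insensitive, runs of whitespace are collapsed.
    Multi-valued RDNs ('+') and hex escapes are not handled.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        if not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns


def configured_suffixes(xml_text):
    """Return every suffix DN listed under <suffix> in the configuration."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.findall(".//suffix/dn") if el.text]


def matching_suffix(cert_dn, suffixes):
    """Return the longest configured suffix the DN falls under, or None."""
    subject = parse_dn(cert_dn)
    best, best_len = None, 0
    for suffix in suffixes:
        rdns = parse_dn(suffix)
        # A DN is under a suffix when its rightmost RDNs equal the suffix RDNs.
        if len(rdns) <= len(subject) and subject[-len(rdns):] == rdns:
            if len(rdns) > best_len:
                best, best_len = suffix, len(rdns)
    return best


if __name__ == "__main__":
    subject = "CN=www.someothercompany.com,O=SomeOtherCompany,C=IT"
    print(matching_suffix(subject, configured_suffixes(LDAP_XML)))
```

A result of `None` for a subject means no configured suffix covers it, so the directory has no place to store that entry.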
