R: [Openca-Users] Openca and LDAP

Thu, 11 Mar 2004 06:04:44 -0800 

> The solution includes two parts.
>
> First you must prepare your LDAP server to support this feature. You can
> do this by setting the suffix to "c=it". This is really uncommon because
> such a general prefix is a problem if you want to integrate this
> directory with another directory later. OpenLDAP v2 supports another
> useful feature - you can configure more than one suffix. You can
> configure in your case a suffix O=SomeCompany,C=IT and a suffix
> O=SomeOtherCompany,C=IT. This is only supported by OpenLDAP v2. Don't
> try it with v1.

If I set ldap.conf to:

HOST srv1.in.spe.net
BINDDN cn=LDAP Manager,O=SomeCompany,c=IT
BASE c=IT

and slapd.conf to:

database        ldbm
suffix          "C=IT"
rootdn          "cn=SomeCompany,C=IT"
rootpw          SomePasswd
directory       /usr/local/ldap

is it ok?

> Second you must configure OpenCA to use this feature. This is like using
> OpenLDAP. If you configured "it" as suffix then you must configure this
> in suffix/dn in ldap.xml. If you configured two suffixes then you must
> create two dns for the suffix in ldap.xml. Example
>
>    <suffix>
>      <dn>O=SomeCompany,C=IT</dn>
>      <dn>O=SomeOtherCompany,C=IT</dn>
>    </suffix>
>
> If this doesn't work then it is a bug because it already worked.

Must I also change values in config.xml? I see many options related to LDAP.
I think at least the following ones must be set:

        <option>
            <name>basedn</name>
            <value>c=IT</value>
        </option>
        <option>
            <name>ldaproot</name>
            <value>cn=LDAP Manager,o=SomeCompany,c=IT</value>
        </option>

then I think the change must be done in ldap.xml.template setting:

    <suffix>
      <dn>[EMAIL PROTECTED]@</dn>
    </suffix>

instead of

    <suffix>
      <dn>[EMAIL PROTECTED]@, [EMAIL PROTECTED]@</dn>
    </suffix>

Am I right? am I still missing something? I don't want to use the multiple
DN solution because I don't know how many DN I will have...

Thanks
Paolo



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to