Re: R: [Openca-Users] Openca and LDAP

Thu, 11 Mar 2004 06:53:53 -0800

Paolo Prandini wrote:

If I set ldap.conf to:

HOST srv1.in.spe.net
BINDDN cn=LDAP Manager,O=SomeCompany,c=IT
BASE c=IT

and slapd.conf to:

database        ldbm
suffix          "C=IT"
rootdn          "cn=SomeCompany,C=IT"
rootpw          SomePasswd
directory       /usr/local/ldap

is it ok?

Yes.

Second you must configure OpenCA to use this feature. This is like using
OpenLDAP. If you configured "it" as suffix then you must configure this
in suffix/dn in ldap.xml. If you configured two suffixes then you must
create two dns for the suffix in ldap.xml. Example

  <suffix>
    <dn>O=SomeCompany,C=IT</dn>
    <dn>O=SomeOtherCompany,C=IT</dn>
  </suffix>

If this doesn't work then it is a bug because it already worked. 

Must I also change values in config.xml? I see many options related to LDAP.
I think at least the following ones must be set:

        <option>
            <name>basedn</name>
            <value>c=IT</value>
        </option>
        <option>
            <name>ldaproot</name>
            <value>cn=LDAP Manager,o=SomeCompany,c=IT</value>
        </option>

config.xml only performs a preconfiguration. ldap.xml is the core configuration file for LDAP.

then I think the change must be done in ldap.xml.template setting:

    <suffix>
      <dn>[EMAIL PROTECTED]@</dn>
    </suffix>

instead of

    <suffix>
      <dn>[EMAIL PROTECTED]@, [EMAIL PROTECTED]@</dn>
    </suffix>

Am I right? am I still missing something? I don't want to use the multiple
DN solution because I don't know how many DN I will have...

You can fix it in the template and then running configure_etc.sh or you change it in ldap.xml directly. Both is possible in your case.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to