Hi,
I'm unable to issue certificates with multivalue attributes in DN: issueCert silently fails and I get back a blank page.
Which version of OpenCA do you use? I think 0.9.2 should support it.
Our LDAP tree has got the following structure:
UID=uniq-uid,OU=people,O=KFKI RMKI,O=KFKI,O=NIIF,C=HU
(I know a little bit baroque - we have to live with it).
In order to upload the certificates into LDAP we figured out that the certs would be issued with DN-s like:
CN=real name+UID=uniq-uid,OU=people,O=KFKI RMKI,O=KFKI,O=NIIF,C=HU
CN is not required to do this with 0.9.2. 0.9.2 has full dynamic schema support.
and OpenLDAP would then strip down CN and put the cert into the proper entry.
This is not really correct. OpenLDAP does nothing with the cert. This is the job of OpenCA's LDAP code :)
So we edited the request and added the uid attribute and its value. Then the CSR's detailt page displayed:
Common Name: n/a
and then the issuing attempt failed as described above.
Do we want to do something illegal/unsupported/totally stupid?
You do nothing completeley stupid. This has to work with 0.9.2. So my important question is which version do you test? I don't know what happens if you use 0.9.1.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
