On Fri, 12 Mar 2004, Michael Bell wrote: > Kadlecsik Jozsi wrote: > > > > I'm unable to issue certificates with multivalue attributes in DN: > > issueCert silently fails and I get back a blank page. > > Which version of OpenCA do you use? I think 0.9.2 should support it.
0.9.2-RC2 > > Our LDAP tree has got the following structure: > > > > UID=uniq-uid,OU=people,O=KFKI RMKI,O=KFKI,O=NIIF,C=HU > > > > (I know a little bit baroque - we have to live with it). > > > > In order to upload the certificates into LDAP we figured out that the > > certs would be issued with DN-s like: > > > > CN=real name+UID=uniq-uid,OU=people,O=KFKI RMKI,O=KFKI,O=NIIF,C=HU > > CN is not required to do this with 0.9.2. 0.9.2 has full dynamic schema > support. Could you please give more hints? :-) How should OpenCA be configured then? > > and OpenLDAP would then strip down CN and put the cert into the proper > > entry. > > This is not really correct. OpenLDAP does nothing with the cert. This is > the job of OpenCA's LDAP code :) Of course OpenLDAP does not modify the cert. I meant OpenCA sends the LDAP requests and OpenLDAP transforms it to put into the proper LDAP entry. Best regards, Jozsef -- E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED] PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt Address: KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
