>Open CA 0.9.2RC4 OpenLDAP 2.1.29 Every module (CA/LDAP...) is installed on the same computer (test purposes)
My problem:> CA-Certificate to the same LDAP comes up with this error:
I can add (normal) certificates to LDAP perfectly. Trying to add the
Certificate 0 FAILED (error 65: LDAP-add failed: no structural object class provided)
This error is VERY repeatable (al least in my system). I'm trying to add it via the LDAP-Module. Regardless if I choose "LDAP Update" -> "CA Certificates" or if I try it via "CA-Certificates" -> "Valid" ->
"...Serial..." -> Add to LDAP.
What is the subject (DN) of the CA certficate. This problems happen if there is an attribute in the DN which is not defined in ldap.xml. ldap.xml includes a schema area where we define supported attributes for CA certificate, certificates and normal nodes. Example:
cn=CA, o=HU, c=DE
o and c must be supported in schema/default and cn must be supported in schema/ca. Sometimes there are attributes which we don't support but we can add them to ldap.xml so that they are automatically part of the next release.
I tried to figure out if there is a possibility by changing the ldap.xml (attributes). Nothing.
What did you changed and where did you changed it?
At my slapd.conf I included all
core.schema cosine.schema inetorgperson.schema openca.schema
Correct.
(by the way: is it normal, that pkiCA is defined in core.schema AND openca.schema? This leads to errors. After deleting the entry in one of the files it's okay)
This is correct. We included pkiCA and pkiUser to our schema file because old directory servers does not include these objectclasses. You can simply delete them from openca.schema if you have a modern directory server.
When I try to add it to LDAP with different DN, an internal server error appears.
This is a bug. If you go to viewCert (or viewCRL) then you find there some definitions of GET_PARAMS_CMD=... This is wrong. Correct is GET_PARAMS_CMD.value=... I fixed it in CVS.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
