Hello, I have gratefully discovered that I have to
insert the password, in the etc/servers/ldap.conf
file, in clear text and not in encrypted form as I
did.

That problem was solved, but now I'm obtaining this
error message:

Exporting valid ca-certificates to LDAP ...
(Please wait until operation completes)

Checking for a special DN where to store CA-certificates ...

There is no special DN specified.

Adding valid CA-certificates to the LDAP server ...

Certificate 0 FAILED (error -4: Distinguished name conflicts with basedn(s).)

It's clear that I have something wrong in my
configuration files, but what??
Any help on this would be very appreciated.

Thanks,
Johnny

--- Johnny Gonzalez <[EMAIL PROTECTED]> wrote:
> Hello
> I'm trying to update my ldap directory with new certs
> using the OpenCA Interface (http://localhost/ldap),
> but after clicking on the CA-Certificates link under
> the Update LDAP menu, appears this message:
>
>
> Exporting valid ca-certificates to LDAP ...
> (Please wait until operation completes)
>
> Checking for a special DN where to store CA-certificates ...
>
> There is no special DN specified.
>
> Adding valid CA-certificates to the LDAP server ...
>
> Certificate 0 FAILED (error 48: LDAP-bind failed: Inappropriate authentication)
>
>
> What should be wrong?
>
> My ldap.conf is:
>
> # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> #BASE dc=example, dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> SIZELIMIT 12
> TIMELIMIT 15
> #DEREF never
> BASE dc=ubiquando,dc=com
> #basedn "dc=ubiquando,dc=com"
> BINDDN cn=Manager,dc=ubiquando,dc=com
> BASE dc=ubiquando,dc=com
>
> HOST localhost
> PORT 389
>
> ldaproot "cn=Manager,dc=ubiquando,dc=com"
> ldappwd "fkV6tzoAtgsRvusTsdJlu8yHbhlNOYC+"
>
>
> And my slapd.conf is:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/redhat/autofs.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
> #argsfile //var/run/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/sbin/openldap
> # moduleload back_bdb.la
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> # The next three lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>
> # Sample security restrictions
> # Require integrity protection (prevent hijacking)
> # Require 112-bit (3DES or better) encryption for updates
> # Require 63-bit encryption for simple bind
>
> # security ssf=1 update_ssf=112 simple_bind=64
>
> # Sample access control policy:
> # Root DSE: allow anyone to read it
> # Subschema (sub)entry DSE: allow anyone to read it
> # Other DSEs:
> # Allow self write access
> # Allow authenticated users read access
> # Allow anonymous users to authenticate
> # Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> # by self write
> # by users read
> # by anonymous auth
> #
> # if no access controls are present, the default policy is:
> # Allow read by all
> #
> # rootdn can always write!
>
> access to * by * read
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database ldbm
> suffix "dc=ubiquando,dc=com"
> rootdn "cn=Manager,dc=ubiquando,dc=com"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw {SSHA}fkV6tzoAtgsRvusTsdJlu8yHbhlNOYC+
> # rootpw {crypt}ijFYNcSNctBYg
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/lib/ldap
>
> # Indices to maintain for this database
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> # Replicas of this database
> #replogfile /var/lib/ldap/openldap-master-replog
> #replica host=ldap-1.example.com:389 tls=yes
> # bindmethod=sasl saslmech=GSSAPI
> # authcId=host/[EMAIL PROTECTED]
>
>
> and my etc/servers/ldap.conf in its ldap section is:
>
> ## LDAP Section:
> ## =============
> ##
> ## As this RA Server Manager has the need to interact with ldap server,
> ## it is important ( for administrative porpouses ) you can have
> ## privileged access to directory.
>
> LDAP "yes"
>
> ## LDAP Server Name
> ldapserver localhost
>
> ## LDAP Protocol Version
> ## Select your ldap version by leaving one of the following uncommented.
> ## remember to check your (/usr/local)/etc/openldap/slapd.conf for the allow statement!
>
=== message truncated ===
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
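
Added example, not part of the original post and not OpenCA or OpenLDAP code: it shows why the client-side `ldappwd` must hold the clear-text password while `rootpw` in slapd.conf holds an `{SSHA}` value. For a simple bind the server hashes whatever the client presents with the stored salt, so presenting the hash string itself never matches. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password, salt=None):
    """Build a rootpw-style value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def simple_bind_ok(stored_rootpw, presented):
    """Mimic the server-side comparison for a simple bind against {SSHA}."""
    if not stored_rootpw.startswith("{SSHA}"):
        raise ValueError("only {SSHA} values are handled in this sketch")
    raw = base64.b64decode(stored_rootpw[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def looks_like_hash(value):
    """Heuristic lint for a client config: does the value decode to digest + salt?"""
    body = value.split("}", 1)[1] if value.startswith("{") else value
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # not valid base64, so not a hash body
        return False
    return len(raw) > 20


if __name__ == "__main__":
    password = "Constructed-Pass1"           # constructed sample, not from the post
    stored = make_ssha(password)             # what belongs in slapd.conf rootpw
    hash_body = stored[len("{SSHA}"):]       # what was pasted into ldappwd by mistake

    print("bind with clear text:", simple_bind_ok(stored, password))
    print("bind with hash text: ", simple_bind_ok(stored, hash_body))
    print("ldappwd looks hashed:", looks_like_hash(hash_body))
```

Because the client file then contains a usable credential, it should be readable only by the account the OpenCA interface runs as.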