Johnny, five minutes ago I had the same problem... I debugged LDAP and found this: when OpenCA wants to install CA certificates into LDAP, it tries to do it with the email address, not with the serial number like the other certificates. What I did... I don't know if it's right, I used ADD LDAP WITH MODIFIED DN and changed this
 
[EMAIL PROTECTED],CN=Ac de Prueba,OU=Nuevo,O=Empresa,C=AR   (for example)
 
to this
 
serialnumber=0,CN=Ac de Prueba,OU=Nuevo,O=Empresa,C=AR

With this change I could import CA certificates into LDAP.

Johnny, as you can see, my English is not the best... if you prefer, we can continue in Spanish. Oh, and about the duplicated schemas... the same thing happened to me: the same objects are in openca.schema as in core.schema, if I remember correctly. I hope this helps.

 

 

----- Original Message -----
Sent: Friday, July 23, 2004 1:50 PM
Subject: [Openca-Users] Is there a OpenCA-OpenLDAP step by step config guide??

Hello,

I'm trying to Update LDAP using the Interface provided
by  http://localhost/ldap and the link CA-Certificates
but appears this error message:

Certificate 0 FAILED (error -4: Distinguished name
conflicts with basedn(s).)

What's going on?
My /etc/openldap/ldap.conf file has these options:

SIZELIMIT       12
TIMELIMIT       15
#DEREF          never
#BASE dc=ubiquando,dc=com
#basedn "dc=ubiquando,dc=com"
BINDDN cn=Manager,o=ubiquando,ou=CO

BASE o=ubiquando,c=CO

HOST 192.168.0.253
PORT 389


ldaproot "cn=Manager,o=ubiquando,c=CO"
ldappwd "U8rmtQVDhrbNyi6GMS2SIVtGAIBxEcJD"


and in the file: /etc/openldap/slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/autofs.schema


# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile /var/run/slapd.pid


access to * by * read
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        ldbm
readonly        off
suffix          "o=ubiquando,c=CO"
rootdn          "cn=Manager,o=ubiquando,c=CO"
rootpw          {SSHA}U8rmtQVDhrbNyi6GMS2SIVtGAIBxEcJD

directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

LDAP "yes"

## LDAP Server Name
ldapserver localhost

ldapversion 2
## ldapversion 3

## LDAP Port Number ( defaults to 389 )
ldapport 389

## LDAP Maximum number of records returned by a query
ldaplimit 100

## Now the LDAP default base dn
basedn "o=ubiquando, c=CO"

## Let's define the privileged Account Allowed to Modify the LDAP entries
ldaproot "cn=Manager,o=ubiquando,c=CO"
ldappwd  "ubiquando"

## Let's define some Directory Env
## supposed to find there the bin/, sbin/ directory
#ldapbasedir "/usr/local/ldap"

#ldapbasedir "/usr/local/ldap"

LDAP_CRL_Issuer ""
LDAP_CA_DN      ""

1. Is this configuration, ok?

2. I don't know why it says that the distinguished
name conflicts with basedn(s). Which distinguished
name? The one for the certificate I'm trying to
Update in LDAP?

3. I haven't modified anything in OpenCA, like adding
elements to the certificates, like for saying I'm
omitting an element or something, so what happens?

4. Following the tips that Oliver gave me I added this
line to the slapd.conf file:

include         /etc/openldap/schema/openca.schema


But when I try to restart openldap appears this error
message:

[EMAIL PROTECTED] httpd]# service ldap restart
Parando slapd:                                 [  OK  ]
Iniciando slapd: /etc/openldap/schema/openca.schema: line 122: Duplicate objectClass: "2.5.6.21"
                                               [FALLÓ]

Notes:
 Parando = stopping
 Iniciando = starting
 FALLÓ = FAILED

When I take out the line:


include         /etc/openldap/schema/openca.schema

back again from the file, the error message appears
again.

5. Can anyone give me the address of a step-by-step
guide to configure OpenLDAP to work with OpenCA?


I'm working on Fedora Core 1, and with OpenCA-0.9.1.8

Thanks a lot,
Johnny
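
Added example (not part of the original emails and not OpenCA code): a check that each DN in a configuration sits under the directory suffix, assuming the "conflicts with basedn(s)" error means the entry's DN does not end in a configured base DN. The suffix, basedn, rootdn and BINDDN values are copied from the message above; the two certificate DNs are constructed samples, and the case-insensitive value comparison is a simplification.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (type, value) RDN pairs, leaf first.

    Backslash-escaped commas stay inside the value. Multi-valued RDNs
    ('+') are not split, which is sufficient for a suffix comparison.
    """
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        # Attribute types are case-insensitive and spaces around an RDN are
        # not significant, so "o=ubiquando, c=CO" equals "o=ubiquando,c=CO".
        rdns.append((attr.strip().lower(), ' '.join(value.split()).lower()))
    return rdns

def is_under(dn, base_dn):
    """True if dn equals base_dn or is subordinate to it."""
    entry, base = parse_dn(dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def check(suffix, named_dns):
    """Return the names of the DNs that fall outside the suffix."""
    return [name for name, dn in named_dns.items() if not is_under(dn, suffix)]

SUFFIX = "o=ubiquando,c=CO"          # suffix line of the slapd.conf above
DNS = {
    "openca basedn": "o=ubiquando, c=CO",
    "rootdn / ldaproot": "cn=Manager,o=ubiquando,c=CO",
    "ldap.conf BINDDN": "cn=Manager,o=ubiquando,ou=CO",
    # Constructed certificate DNs, for illustration only:
    "constructed cert DN (other org)": "serialnumber=0,CN=Test CA,O=Example,C=AR",
    "constructed cert DN (in tree)": "cn=Test CA,o=Ubiquando,c=co",
}

if __name__ == "__main__":
    for name in check(SUFFIX, DNS):
        print(f"outside {SUFFIX}: {name} -> {DNS[name]}")
```

Run against the values in the message, the check reports the ldap.conf BINDDN, which ends in ou=CO rather than c=CO, and any certificate DN issued under a different organisation or country than the suffix.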
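
Added example (not part of the original emails): a scan of slapd.conf-style schema files for OIDs defined more than once, which is the condition slapd reports as 'Duplicate objectClass: "2.5.6.21"'. The two schema excerpts are constructed samples, not the real contents of core.schema or openca.schema; definitions that use OID macros instead of numeric OIDs are not matched.

```python
import re
from collections import defaultdict

# Start of a schema definition, e.g.  objectclass ( 2.5.6.21 NAME 'pkiUser' ...
DEF_RE = re.compile(
    r"^\s*(objectclass|attributetype)\s*\(\s*([0-9.]+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

def definitions(text):
    """Return (kind, oid, name) for every definition, ignoring # comments."""
    text = re.sub(r"#.*", "", text)
    return [(kind.lower(), oid, name) for kind, oid, name in DEF_RE.findall(text)]

def find_duplicates(schemas):
    """schemas maps file name -> contents, in slapd.conf include order.

    Returns {(kind, oid): [(file, name), ...]} for OIDs defined more than once.
    """
    seen = defaultdict(list)
    for fname, text in schemas.items():
        for kind, oid, name in definitions(text):
            seen[(kind, oid)].append((fname, name))
    return {key: where for key, where in seen.items() if len(where) > 1}

# Constructed excerpts for illustration only.
SCHEMAS = {
    "core.schema": """
objectclass ( 2.5.6.21 NAME 'pkiUser'
    SUP top AUXILIARY MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
    SUP top AUXILIARY MAY cACertificate )
""",
    "openca.schema": """
objectclass ( 2.5.6.21 NAME 'pkiUser'
    SUP top AUXILIARY MAY userCertificate )
# objectclass ( 2.5.6.22 NAME 'pkiCA' SUP top AUXILIARY )
attributetype ( 1.3.6.1.4.1.99999.1 NAME 'exampleAttr'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
""",
}

if __name__ == "__main__":
    for (kind, oid), where in find_duplicates(SCHEMAS).items():
        print(f"duplicate {kind} {oid}: " + ", ".join(f"{f} ({n})" for f, n in where))
```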




