Hi,
I don't know if this could help you, but the order of the attributes in the DN really matters.
For example, a DN like this: CN=xxx,OU=xxx,O=xxx,c=xxx is different from CN=xxx,OU=xxx,O=xxx,C=xxx.
So you should take care of cn=Manager,o=ubiquando,ou=CO because the o=ubiquando and ou=CO seem to be misordered.
Hope this can help you,
Sebastien Poggi
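
An added example (not part of the original message and not OpenCA or OpenLDAP code) of the check behind this advice: is a DN subordinate to the directory suffix, and if not, which RDN breaks the match. The function names are hypothetical. The parser is a simplification that handles only backslash-escaped commas and single-valued RDNs, and it compares attribute types and values case-insensitively.

```python
def split_dn(dn):
    """Split a string DN into a list of (type, value) RDNs, leftmost first."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma separates RDNs
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for p in parts:
        typ, sep, val = p.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {p!r}")
        # Assumption: case-insensitive matching for both type and value.
        rdns.append((typ.strip().lower(), val.strip().lower()))
    return rdns


def is_under(dn, suffix):
    """True if the rightmost RDNs of dn equal suffix, in the same order."""
    d, s = split_dn(dn), split_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def first_mismatch(dn, suffix):
    """Walk right to left; return (dn_rdn, suffix_rdn) at the first difference."""
    d, s = split_dn(dn)[::-1], split_dn(suffix)[::-1]
    for i, want in enumerate(s):
        got = d[i] if i < len(d) else None
        if got != want:
            return got, want
    return None


if __name__ == "__main__":
    # Values taken from the configuration quoted in this thread.
    suffix = "o=ubiquando,c=CO"
    for dn in ("cn=Manager,o=ubiquando,c=CO", "cn=Manager,o=ubiquando,ou=CO"):
        print(dn, is_under(dn, suffix), first_mismatch(dn, suffix))
```
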
Johnny Gonzalez <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
23/07/2004 21:43

Hello Diego,
I don't know if what you did is valid, but I will
check it out.
Thanks,
Johnny
--- "Diego I. Rosso" <[EMAIL PROTECTED]> wrote:
> Johnny, five minutes ago I had the same problems...
> I debugged LDAP and found this: when OpenCA wants to
> install CA certificates into LDAP, it tries to do it
> with the email address, not with the serial number like
> the other certificates. What I did (I don't know well
> if it's right): I used ADD LDAP WITH MODIFIED DN and
> changed this
>
> [EMAIL PROTECTED],CN=Ac de Prueba,OU=Nuevo,O=Empresa,C=AR (for example)
>
> to this
>
> serialnumber=0,CN=Ac de Prueba,OU=Nuevo,O=Empresa,C=AR
>
> With this change I could import CA certificates into
> LDAP.
>
> Johnny, as you can see, my English is not the best...
> if you prefer, we can continue in Spanish. Oh, about
> the duplicated schemas... the same thing happened to me:
> the same objects are in openca.schema as in
> core.schema, if I remember correctly. I hope this helps.
>
>
>
>
>
> ----- Original Message -----
> From: Johnny Gonzalez
> To: [EMAIL PROTECTED]
> Sent: Friday, July 23, 2004 1:50 PM
> Subject: [Openca-Users] Is there a OpenCA-OpenLDAP
> step by step config guide??
>
>
> Hello,
>
> I'm trying to update LDAP using the interface
> provided by http://localhost/ldap and the link
> CA-Certificates, but this error message appears:
>
> Certificate 0 FAILED (error -4: Distinguished name
> conflicts with basedn(s).)
>
> What's going on?
> My /etc/openldap/ldap.conf file has these options:
>
> SIZELIMIT 12
> TIMELIMIT 15
> #DEREF never
> #BASE dc=ubiquando,dc=com
> #basedn "dc=ubiquando,dc=com"
> BINDDN cn=Manager,o=ubiquando,ou=CO
>
> BASE o=ubiquando,c=CO
>
> HOST 192.168.0.253
> PORT 389
>
>
> ldaproot "cn=Manager,o=ubiquando,c=CO"
> ldappwd "U8rmtQVDhrbNyi6GMS2SIVtGAIBxEcJD"
>
>
> and in the file: /etc/openldap/slapd.conf:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/redhat/autofs.schema
>
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a
> working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/slapd.pid
>
>
> access to * by * read
>
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database ldbm
> readonly off
> suffix "o=ubiquando,c=CO"
> rootdn "cn=Manager,o=ubiquando,c=CO"
> rootpw {SSHA}U8rmtQVDhrbNyi6GMS2SIVtGAIBxEcJD
>
> directory /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> LDAP "yes"
>
> ## LDAP Server Name
> ldapserver localhost
>
> ldapversion 2
> ## ldapversion 3
>
> ## LDAP Port Number ( defaults to 389 )
> ldapport 389
>
> ## LDAP Maximum number of records returned by a query
> ldaplimit 100
>
> ## Now the LDAP default base dn
> basedn "o=ubiquando, c=CO"
>
> ## Let's define the privileged Account Allowed to Modify the LDAP entries
> ldaproot "cn=Manager,o=ubiquando,c=CO"
> ldappwd "ubiquando"
>
> ## Let's define some Directory Env
> ## supposed to find there the bin/, sbin/ directory
> #ldapbasedir "/usr/local/ldap"
>
> #ldapbasedir "/usr/local/ldap"
>
> LDAP_CRL_Issuer ""
> LDAP_CA_DN ""
>
> 1. Is this configuration OK?
>
> 2. I don't know why it says that the distinguished
> name conflicts with basedn(s). Which distinguished
> name? The one for the certificate I'm trying to
> update in LDAP?
>
> 3. I haven't modified anything in OpenCA, like
> adding elements to the certificates, or, say, I'm
> omitting an element or something, so what happens?
>
> 4. Following the tips that Oliver gave me, I added
> this line to the slapd.conf file:
>
> include /etc/openldap/schema/openca.schema
>
>
> But when I try to restart openldap, this error
> message appears:
>
> [EMAIL PROTECTED] httpd]# service ldap restart
> Parando slapd: [ OK ]
> Iniciando slapd: /etc/openldap/schema/openca.schema: line 122: Duplicate objectClass: "2.5.6.21"
> [FALLÓ]
>
> Notes:
> Parando = stopping
> Iniciando = starting
> FALLÓ = FAILED
>
> When I take out the line:
>
> include /etc/openldap/schema/openca.schema
>
> back again from the file, the error message appears again.
>
> 5. Can anyone give me the address of a
> step-by-step
>
=== message truncated ===
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
