Hi Johnny,
Johnny Gonzalez wrote:
Finally, when I try to update ldap with the normal certificates, it's done successfully. But when I try to update with my CA-Certificate, I get this error message:
Checking for a special DN where to store CA-certificates ...
There is no special DN specified.
Adding valid CA-certificates to the LDAP server ...
Certificate 0 FAILED (error 64: LDAP-add failed: naming attribute 'email' is not present in entry)
First I think you have an OpenLDAP v2. If schemachecking in slapd.conf is on then OpenLDAP v2 checks that the used attribute and its value in the DN are also in the data of the node. This means that a DN like [EMAIL PROTECTED], cn=CA, ou=... should result in a node which contains at minimum [EMAIL PROTECTED]. The problem is that emailAddress is a PKCS#9 attribute which is not part of the common objectclasses of the LDAP schema. We fix this issue in 0.9.2 with our own schema extensions which include the emailAddress. We cannot port this to 0.9.1 because it would break existing 0.9.1 installations. Therefore the only solution is to switch off schemachecking in slapd.conf (OpenLDAP's configuration file).
Michael
--
Michael Bell
Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice (Computing Centre)
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email (private): [EMAIL PROTECTED]
http://www.openca.org
Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
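The naming-attribute rule described in the reply above can be checked before an entry is sent to the server. The following is an added example, not part of the original message and not OpenCA or OpenLDAP code; the function names, the DN and the entry are constructed for illustration, value comparison is simplified to case-insensitive string matching, and only `\X` character escapes in the DN are handled.

```python
import re

def _split(s, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair together
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    return parts + [cur]

def _unescape(value):
    # Simplification: handles \X character escapes only, not \HH hex pairs.
    return re.sub(r"\\(.)", r"\1", value.strip())

def naming_attributes(dn):
    """Return [(attr, value), ...] for the leftmost RDN (may be multi-valued)."""
    rdn = _split(dn, ",")[0]
    pairs = []
    for ava in _split(rdn, "+"):
        attr, _, value = ava.partition("=")
        pairs.append((attr.strip(), _unescape(value)))
    return pairs

def missing_naming_attributes(dn, entry):
    """Names of RDN attributes whose value is absent from the entry's data."""
    have = {}
    for name, values in entry.items():
        base = name.split(";")[0].lower()   # drop options such as ;binary
        have.setdefault(base, set()).update(str(v).lower() for v in values)
    return [a for a, v in naming_attributes(dn)
            if v.lower() not in have.get(a.lower(), set())]

# Constructed sample data, not taken from the thread.
DN = "email=ca@example.org,cn=Example CA,ou=PKI,o=Example"
ENTRY = {"objectClass": ["top", "pkiCA"], "cn": ["Example CA"],
         "cACertificate;binary": ["<DER bytes>"]}

if __name__ == "__main__":
    print(missing_naming_attributes(DN, ENTRY))                      # ['email']
    fixed = dict(ENTRY, email=["ca@example.org"])
    print(missing_naming_attributes(DN, fixed))                      # []
```

The check covers only the presence of the naming attribute in the entry; whether the entry's object classes allow that attribute is a separate schema question.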
