Hi,

> I'm editing config.xml to support LDAP, but there are only 2 options:
> ldaproot and ldaprootpwd, what about basedn? Where will OpenCA write to
> LDAP?
> I want to use 1 LDAP tree to serve 2 instances of OpenCA (just for
> testing purposes), is it possible?


IIRC, the base dn can be configured in etc/ldap.xml.template and defaults
to o=<your organization>, c=<your country>.
For my setup, e.g., I modified it to use only c= as base dn:

<openca>
  <ldap>
    ...
    <suffix>
      <!-- <dn>[EMAIL PROTECTED]@, [EMAIL PROTECTED]@</dn> -->
      <dn>[EMAIL PROTECTED]@</dn>
    </suffix>


As long as you do not publish EE certificates to LDAP (only CA certs
and CRLs), the nodes can coexist on the same level in the LDAP
hierarchy. If you choose to publish certs, you will have to make
sure that your CAs span distinct name spaces. Otherwise updates
might overwrite each other.

Martin


