Hi to all, I have some problems with LDAP.
The problem is a bit strange: from stderr.log I can see that, for the
certificates OpenCA tries to export to LDAP, for the ones with a
corresponding BaseDN it says:
OpenCA::LDAP->add_object: The resultcode of the nodeinsertion was 1
for the others, it says:
OpenCA::LDAP->add_object: dn conflicts with basedn(s)
so I think the procedure is working. But when I execute:
[EMAIL PROTECTED] root]# ldapsearch -x -b '' -s base '(objectclass=*)'
version: 2
#
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
so it seems there is nothing in the LDAP server. I also try to create
the LDAP schema using an LDIF file:
dn: o=PKI-XX, c=IT
objectClass: top
objectClass: organization
# the naming attribute carries the plain RDN value, not "o=..."
o: PKI-XX

dn: cn=root, o=PKI-XX, c=IT
cn: root
userPassword:: ....
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
but nothing happens. How is this possible?
Here is some information on the configuration files:
- slapd.conf (by OpenLDAP) (here I report only the important lines)
...
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openca.schema
...
# only for testing :-)
access to dn="" by * write
access to *
        by self write
        by users read
        by anonymous auth
...
suffix "o=PKI-XX, c=IT"
rootdn "cn=root, o=PKI-XX, c=IT"
basedn "o=PKI-XX, c=IT"
rootpw verydifficultpassword
- ldap.conf (by OpenLDAP)
# Only two settings
HOST 127.0.0.1
BASE "o=PKI-XX, c=IT"
- ldap.conf (by OpenCA)
LDAP "yes"
LDAP_CRL_Issuer ""
LDAP_CA_DN ""
- config.xml (by OpenCA) (even if it is not so useful, because I don't
recreate the configuration files with configure.sh)
<!-- ========================= -->
<!-- ldap server configuration -->
<!-- ========================= -->
<option>
  <name>ldap_host</name>
  <value>10.10.1.2</value>
</option>
<option>
  <name>ldap_port</name>
  <value>389</value>
</option>
<option>
  <name>ldaproot</name>
  <value>cn=root, o=PKI-XX, c=IT</value>
</option>
<option>
  <name>ldaprootpwd</name>
  <value>verydifficultpassword</value>
</option>
<option>
  <name>useLDAP</name>
  <value>yes</value>
</option>
<option>
  <name>update_ldap_automatic</name>
  <value>no</value>
</option>
- ldap.xml (by OpenCA)
<openca>
  <ldap>
    <debug>1</debug>
    <excluded_roles>
      <role>publish_all_roles</role>
    </excluded_roles>
    <suffix>
      <dn>O=PKI-XX,C=IT</dn>
    </suffix>
    <host>10.10.1.2</host>
    <port>389</port>
    <protocol_version>2</protocol_version>
    <tls>no</tls>
    <sasl>no</sasl>
    <chain>/home/openca-installed/var/crypto/chain</chain>
    <login>CN=root,O=PKI-XX,C=IT</login>
    <passwd>verydifficultpassword</passwd>
    ...
Thanks for the help.
--
Diego de Felice
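The two symptoms in the post (OpenCA's "dn conflicts with basedn(s)" and an LDIF that loads nothing) both come down to DN consistency, so here is an added example, not code from the post or from OpenCA, that checks an LDIF offline before it is fed to ldapadd: every entry DN must sit under the slapd suffix, compared with case and spacing normalized (so "O=PKI-XX,C=IT" and "o=PKI-XX, c=IT" match), and each entry must carry its RDN attribute with the plain value (an entry named o=PKI-XX needs "o: PKI-XX", not "o: o=PKI-XX"). The sample LDIF is reconstructed from the post with the blank entry separators LDIF requires, plus a constructed third entry outside the suffix; the password value is a constructed placeholder.

```python
import re

SUFFIX = "o=PKI-XX, c=IT"  # the slapd.conf suffix from the post
LDIF_AS_POSTED = """\
dn: o=PKI-XX, c=IT
objectClass: top
objectClass: organization
o: o=PKI-XX

dn: cn=root, o=PKI-XX, c=IT
cn: root
userPassword:: cGxhY2Vob2xkZXI=
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject

dn: cn=ca, o=Other, c=IT
cn: ca
objectClass: organizationalRole
"""


def normalize_dn(dn):
    """Lower-case types and values, drop spaces around commas. Good enough
    for caseIgnore attributes like o/cn; does not handle escaped commas."""
    rdns = []
    for rdn in re.split(r"\s*,\s*", dn.strip()):
        attr, _, val = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return ",".join(rdns)


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one
    'attr: value' per line, '#' comments skipped, '::' values kept raw."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, val = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(val.lstrip(": ").strip())
        entries.append(entry)
    return entries


def check_ldif(text, suffix):
    """Return [(dn, problem), ...]; an empty list means the LDIF looks loadable."""
    problems, base = [], normalize_dn(suffix)
    for entry in parse_ldif(text):
        dn = entry.get("dn", [""])[0]
        ndn = normalize_dn(dn)
        if not (ndn == base or ndn.endswith("," + base)):
            problems.append((dn, "dn conflicts with suffix " + suffix))
        rdn_attr, _, rdn_val = ndn.split(",", 1)[0].partition("=")
        if rdn_val not in [v.lower() for v in entry.get(rdn_attr, [])]:
            problems.append((dn, f"naming attribute {rdn_attr} must have value '{rdn_val}'"))
    return problems
```

Running check_ldif(LDIF_AS_POSTED, SUFFIX) flags the first entry's naming attribute and the third entry's suffix conflict; after changing the line to "o: PKI-XX" only the constructed out-of-suffix entry remains.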
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users