Resolved another problem! If the CA DN contains "emailAddress", LDAP
can complain about a "FAILED (error 17: LDAP-add failed: emailaddress:
attribute type undefined)" (I think it also complains for normal
certificates). To resolve this, simply add these lines to openca.schema
(in the LDAP schema directory):

attributetype ( 1.2.840.113549.1.9.1 NAME 'emailAddress'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

On 8/2/05, Diego de Felice <[EMAIL PROTECTED]> wrote:
> ...
> The second problem is with the CA certificate:
>
> Attributes for the insertion:
> cn = PKI
> ou = PKI
> mail = [EMAIL PROTECTED]
> emailAddress = [EMAIL PROTECTED]
> objectclass = ARRAY(0x9f45128)
>
> Certificate 2147483647 FAILED (error 17: LDAP-add failed:
> emailaddress: attribute type undefined)
>
> and the stderr.log says:
>
> OpenCA::LDAP->add_object: may emailAddress
> OpenCA::LDAP->add_object: structural organizationalRole
> OpenCA::LDAP->add_object: structural opencaEmailAddress
> OpenCA::LDAP->add_object: structural pkiCA
> OpenCA::LDAP->add_object: Must setup a CA-cert
> OpenCA::LDAP->add_object: The resultcode of the nodeinsertion was 17
>
> I suspect there is a bit of misconfiguration with the attribute
> emailAddress, but I cannot find it in the schemas. If I add the CA
> certificate from the LDAP interface, removing the emailAddress
> attribute from the DN, the certificate is published without problems.
>
--
Diego de Felice
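
Added example (not part of the original post and not OpenCA code): a pre-flight check that parses slapd schema text and reports which attributes of an entry have no attributetype definition, the condition behind "error 17 ... attribute type undefined" above. The base schema fragment and the helper names are constructed for illustration; the FIX text is the definition from the post.

```python
import re

# Constructed sample: a simplified schema fragment that lacks emailAddress.
BASE_SCHEMA = """\
# core / cosine style definitions (simplified)
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
    SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
    SUP name )
attributetype ( 0.9.2342.19200300.100.1.3
    NAME ( 'mail' 'rfc822Mailbox' )
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
"""
# The definition from the post, as it would be appended to openca.schema.
FIX = """\
attributetype ( 1.2.840.113549.1.9.1 NAME 'emailAddress'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
"""

def defined_attribute_names(schema_text):
    """Return the lowercased NAMEs of every attributetype in slapd schema text."""
    # Drop comment lines, then join continuation lines (leading whitespace).
    lines = [l for l in schema_text.splitlines() if not l.startswith("#")]
    joined = re.sub(r"\n[ \t]+", " ", "\n".join(lines))
    names = set()
    for line in joined.splitlines():
        if not line.lower().startswith("attributetype"):
            continue
        # NAME is either one quoted string or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if m:
            found = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
            names.update(n.lower() for n in found)
    return names

def undefined_attributes(entry_attrs, schema_text):
    """List entry attributes with no definition (attribute names are case-insensitive)."""
    # objectClass is built into slapd, so it never appears in schema files.
    known = defined_attribute_names(schema_text) | {"objectclass"}
    return sorted(a for a in entry_attrs if a.lower() not in known)

# Attribute names from the failed insertion quoted in the post.
ENTRY = ["cn", "ou", "mail", "emailAddress", "objectclass"]

if __name__ == "__main__":
    print("before fix:", undefined_attributes(ENTRY, BASE_SCHEMA))
    print("after fix: ", undefined_attributes(ENTRY, BASE_SCHEMA + FIX))
```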