Hello ListUsers,
after successful installation of ca and ra on two different machines I
initialized the ca and generated ca, ca-operator and ra-operator
certificates. Since I am using virtual machines I export the data to a
directory where a simple file is loop-mounted. After exporting
all the stuff at the ca I brought this file to the ra and loop-mounted it
there. When trying to import the data it works, but importing the data
into my ldap directory fails with the following error.
Das CA-Zertifikat 14803646f8a9ef9d41326cc5760626e951981f8d konnte nicht auf den
LDAP-Server kopiert werden (34). Das Login in den LDAP-Server schlug fehl:
invalid DN
I'm a newbie concerning ldap, so I expect my failure in the ldap
configuration.
Here is what I have in my slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openca.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
access to *
        by self write
        by users read
        by anonymous auth
database bdb
suffix "dc=blaundblub,dc=com"
rootdn "cn=root,dc=blaundblub,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
Before starting slapd I put openca.schema in the slapd-schema directory
and commented out two parts of core.schema because they were found twice, in
core and in openca.schema:
#
#objectclass ( 2.5.6.21 NAME 'pkiUser'
# DESC 'RFC2587: a PKI user'
# SUP top AUXILIARY
# MAY userCertificate )
#objectclass ( 2.5.6.22 NAME 'pkiCA'
# DESC 'RFC2587: PKI certificate authority'
# SUP top AUXILIARY
# MAY ( authorityRevocationList $ certificateRevocationList $
# cACertificate $ crossCertificatePair ) )
I think I'm right here, because slapd starts after those changes and runs
very well. When I connect using gq I can browse the directory and see the
schema. When I configure Firefox or Evolution to use my newly
configured ldap I can log on anonymously or using
cn=root,dc=blaundblub,dc=com and my password 'secret'.
The ldap part of my config.xml looks like this:
<option>
    <name>ldap_host</name>
    <value>localhost</value>
</option>
<option>
    <name>ldap_port</name>
    <value>389</value>
</option>
<option>
    <name>ldaproot</name>
    <value>root</value>
</option>
<option>
    <name>ldaprootpwd</name>
    <value>secret</value>
</option>
<option>
    <name>useLDAP</name>
    <value>yes</value>
</option>
<option>
    <name>update_ldap_automatic</name>
    <value>yes</value>
</option>
... and localhost is reachable, loopback interface on the machine is ok.
I had a look at $openca/etc/servers/ra-node.conf:
## LDAP Section:
## =============
LDAP "yes"
updateLDAPautomatic "yes"
.... looks ok to me.
.... and looked at $openca/etc/servers/ldap.conf:
LDAP "yes"
LDAP_CRL_Issuer ""
LDAP_CA_DN ""
and wondered if this can be correct, but even when I changed that one to:
LDAP "yes"
LDAP_CRL_Issuer "cn=root,dc=blaundblub,dc=com"
LDAP_CA_DN "dc=blaundblub,dc=com"
it did not change anything with the problem itself.
Can anyone help me?
Thx in advance.
Jan Roesner
[EMAIL PROTECTED]
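The bind failure quoted above carries LDAP result code 34, which RFC 4511 defines as invalidDNSyntax, and the message text "invalid DN" points the same way: a simple bind sends the value of ldaproot to slapd as a distinguished name, so whatever is configured there has to parse as one. The script below is an illustration added to this post; it is not part of the original mail and not OpenCA code. It takes the config.xml options and the slapd.conf lines quoted in the mail (constructed inline as sample input), checks whether the configured bind value is a syntactically valid DN, and compares it with the rootdn. The DN check is a small RFC 4514-style parser written for this example; the function names are mine.

```python
"""Check OpenCA LDAP bind settings against the slapd.conf rootdn.

Added illustration, not OpenCA code.  It parses the <option> blocks of
config.xml and the rootdn directive of slapd.conf (both constructed inline
from the values quoted in the mail) and reports whether the bind DN is a
syntactically valid distinguished name (RFC 4514).  LDAP result code 34 is
invalidDNSyntax (RFC 4511), which is what slapd returns for a simple bind
whose name is not a DN.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the LDAP part of config.xml as quoted in the mail.
CONFIG_XML = """<config>
<option><name>ldap_host</name><value>localhost</value></option>
<option><name>ldap_port</name><value>389</value></option>
<option><name>ldaproot</name><value>root</value></option>
<option><name>ldaprootpwd</name><value>secret</value></option>
<option><name>useLDAP</name><value>yes</value></option>
<option><name>update_ldap_automatic</name><value>yes</value></option>
</config>"""

# Constructed sample: the relevant lines of slapd.conf.
SLAPD_CONF = """database bdb
suffix "dc=blaundblub,dc=com"
rootdn "cn=root,dc=blaundblub,dc=com"
rootpw secret
"""

# Attribute type: a descriptor such as "cn" or a dotted-decimal OID.
_ATTR_TYPE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)$")


def parse_options(xml_text):
    """Return {name: value} for every <option> element in config.xml."""
    root = ET.fromstring(xml_text)
    return {o.findtext("name").strip(): (o.findtext("value") or "").strip()
            for o in root.iter("option")}


def parse_slapd_directive(conf_text, directive):
    """Return the (unquoted) value of the first matching slapd.conf directive."""
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == directive.lower():
            return parts[1].strip().strip('"')
    return None


def _split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped (RFC 4514 escaping)."""
    out, cur, escaped = [], [], False
    for ch in text:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == sep:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    out.append("".join(cur))
    return out


def is_valid_dn(dn):
    """True if dn is a non-empty list of RDNs, each a set of type=value pairs.

    The empty DN is legal in LDAP but means an anonymous bind, so it is
    rejected here on purpose: it cannot serve as the root bind identity.
    """
    if not dn or not dn.strip():
        return False
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            if "=" not in ava:
                return False  # a bare word such as "root" is not a DN
            attr = ava.split("=", 1)[0].strip()
            if not _ATTR_TYPE.match(attr):
                return False
    return True


def _normalize_dn(dn):
    """Lower-case attribute types and strip whitespace around separators."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        attr, value = rdn.split("=", 1)
        rdns.append(attr.strip().lower() + "=" + value.strip())
    return ",".join(rdns)


def check_bind_settings(xml_text, conf_text):
    """Return a list of findings about the configured LDAP bind identity."""
    bind_dn = parse_options(xml_text).get("ldaproot", "")
    rootdn = parse_slapd_directive(conf_text, "rootdn")
    findings = []
    if not is_valid_dn(bind_dn):
        findings.append("ldaproot %r is not a valid DN; slapd answers a bind "
                        "with result code 34 (invalidDNSyntax)" % bind_dn)
    elif rootdn and _normalize_dn(bind_dn) != _normalize_dn(rootdn):
        findings.append("ldaproot %r does not match slapd rootdn %r"
                        % (bind_dn, rootdn))
    return findings


if __name__ == "__main__":
    for finding in check_bind_settings(CONFIG_XML, SLAPD_CONF):
        print(finding)
```

Run as is, the script reports the bare value from the sample config.xml; swap the ldaproot value for the full rootdn and it reports nothing. The parser deliberately stops at syntax: whether a DN exists or is allowed to bind is something only the server can answer.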
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users