Thanks Johannes,
 
It works, at least I get a different error message. I don't know so much about LDAP.
 
Now when I try to export the CA-Certificate I get:
 
Certificate 0 FAILED (error 16: LDAP-add failed: 00000057: LdapErr: DSID-0C09098B, comment: Error in attribute conversion operation, data 0, v893
 
But if I try to export all certificates I get a different error:
 

Exporting valid certificates to LDAP ...

Certificate 2 FAILED (error -4: Distinguished name conflicts with basedn(s).)
 
Finally, if I export CRL I get another error:
 
Pushing CRL 6 to LDAP ...

Cannot write CRL to LDAP (error 1: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0

Any ideas?

Thanks
 
Jose

 
2006/1/26, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
Hi,

it's just a guess but I think you have to specify the full dn of the administrator in the login field.
For example:
...
<login>cn=administrator,cn=users,o=openca, c=ES</login>
...

Regards
Johannes Derek

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of José Eleuterio López
Sent: Thursday, January 26, 2006 10:55 AM
To: [email protected]
Subject: [Openca-Users] Fwd: Problem to export certificates to Active Directory


Hi all,
My last message was still incomplete; I hope this one will be OK.
I have installed and configured OpenCA and it works fine. My organization uses Active Directory and we want to export certificates there.
I thought that OpenCA could work with it, but when I try to export it doesn't work.
Any ideas? Can OpenCA export certificates to Active Directory? Is there a misconfiguration? Do I need to configure Active Directory?
Below you can find the error messages and the configuration files.
When I try to export certificates I get:
Exporting valid certificates to LDAP ...
Certificate 2 FAILED (error 49: LDAP-bind failed: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
In stderr.log file:

DBD::mysql::st execute failed: Unknown system variable 'NAMES' at /usr/lib/perl5/site_perl/5.8.3/OpenCA/DBI.pm line 2544.


My ldap.xml file:

<suffix>
     <dn>o=openca, c=ES</dn>
   </suffix>
   <host>172.x.x.x</host>
   <port>389</port>

<..........>
<chain>/usr/local/openca/var/crypto/chain</chain>
   <login>administrator</login>
   <passwd>xxxxxxxxxxxx</passwd>
<...........>

My ldap.conf file:

LDAP "yes"
LDAP_CRL_Issuer ""
LDAP_CA_DN      ""

My node.conf file:

LDAP "yes"
updateLDAPautomatic "yes"

Thanks
Jose
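
The Active Directory diagnostics quoted in this thread share one layout, and for bind failures the `data` field is a hex Win32 logon error that says why the bind was rejected. The following is an added example, not code from the thread or from OpenCA: the function name `parse_ad_ldap_error` is hypothetical, the sample lines are copied from the messages above, and the sub-code table lists the commonly documented AD bind sub-codes.

```python
import re

# Layout of the AD diagnostics quoted in the thread:
#   error <rc>: [<operation> failed: ]<win32 hex>: <kind>: DSID-<id>,
#   [ comment: <text>,][ problem <n> (<name>),] data <hex>
AD_DIAG = re.compile(
    r"error (?P<ldap_rc>\d+): (?:.*?: )?(?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): DSID-(?P<dsid>[0-9A-Fa-f]{8}),"
    r"(?: comment: (?P<comment>[^,]+),)?"
    r"(?: problem (?P<problem>\d+) \((?P<problem_name>\w+)\),)?"
    r" data (?P<data>[0-9A-Fa-f]+)"
)

# "data" sub-codes returned with AcceptSecurityContext (bind) failures;
# each one is the hex form of a Win32 logon error code.
BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def parse_ad_ldap_error(line):
    """Split an AD LDAP diagnostic into fields; None if the layout is absent."""
    m = AD_DIAG.search(line)
    if m is None:
        return None
    info = m.groupdict()
    info["ldap_rc"] = int(info["ldap_rc"])
    # Only bind failures carry a logon sub-code in the data field.
    if info["comment"] and "AcceptSecurityContext" in info["comment"]:
        info["bind_reason"] = BIND_SUBCODES.get(info["data"].lower(), "unknown sub-code")
    return info

# Sample lines copied from the messages in this thread.
SAMPLES = [
    "Certificate 2 FAILED (error 49: LDAP-bind failed: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893",
    "Certificate 0 FAILED (error 16: LDAP-add failed: 00000057: LdapErr: DSID-0C09098B, comment: Error in attribute conversion operation, data 0, v893",
    "Cannot write CRL to LDAP (error 1: 000020D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0",
    "Certificate 2 FAILED (error -4: Distinguished name conflicts with basedn(s).)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_ad_ldap_error(line))
```

For the original bind failure the decoded reason is "user not found", which is consistent with the bare `administrator` login not resolving to a directory entry.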


_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users