Hi Max, Thanks for your help here again !!! From the sample file section for LDAP I did not get the idea that these directives would be required but of course this makes sense to me. I am running the OCSPD responder in combination with Novell eDirectory 8.8.1 (storing CRL) and (Root Certs). using the following configuration:
#################################################################### [ dbms_ldap ] 0.ca = @ldap_ca_1 [ ldap_ca_1 ] crl_url = ldap://cn=OCSPD, ou=ocspd, ou=services, o=ema:[EMAIL PROTECTED]:389 crl_entry_dn = "cn=ngrca, ou=OCSPD, ou=services, o=ema" crl_entry_attribute = "certificateRevocationList;binary" # ca_url = ldap://cn=OCSPD, ou=OCSPD, ou=services, o=ema:[EMAIL PROTECTED]:389 ca_entry_attribute = "cACertificate;binary" ca_entry_dn = "cn=NTS-Global-RootCA, ou=OCSPD, ou=services, o=ema" #################################################################### I might have to have two more questions on LDAP: ===================================== 1) Is there a way to define a Base DN / search context for the LDAP objects ? 2) Is there a way to run the LDAP connection over SSL ? 3) Is there a way to enrypt the user password used for the LDAP bind ? Best Regards Klaus > Klaus Gast wrote: > > Hi, > > Hi, > > > Finally I found some time to run a test using an LDAP directory storing > > the CRL and the RootCA > [...] > > [ ldap_ca_1 ] > > crl_url = ldap://10.2.91.241:389 > > crl_entry_dn = "cn=ngrca, ou=services, o=ema" > > crl_entry_attribute = "certificateRevocationList;binary" > > ca_entry_dn = "cn = ntsgroot, ou=services, o=ema" > > > Oct 2 20:38:27 dus-lab-lnkgast ocspd[1602]: variable lookup failed for > > ldap_ca_1::ca_url > > It seems like you are missing the ca_url configuration (where the > CA certificate is to be retrieved from), for example: > > ca_url = ldap://10.2.91.241:389 > > please verify you have set also the other attributes: > > ca_entry_dn = "cn=ngrca, ou=services, o=ema" > ca_entry_attribute = "caCertificate;binary" > > Let me know if this helps... > > Cheers, > --- Max > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
