Klaus Gast wrote:
> Hi Max,

Hi Klaus,

> Thanks for your help here again !!! From the sample file section for
[...]
> combination with Novell eDirectory 8.8.1 (storing CRL) and (Root Certs).
> using the following configuration:

Great... so we might say.. it works with Novell eDirectory too :-D

[...]
> I might have to have two more questions on LDAP:
> =====================================
> 1) Is there a way to define a Base DN / search context for the LDAP
> objects ?

What would you need this for ? For downloading CA certificate(s) and
CRL(s) you already have the DN and the ATTRIBUTE. I do not understand
your question...

> 2) Is there a way to run the LDAP connection over SSL ?

Of course... if I would support LDAPS ... I have not gone through that
yet...

> 3) Is there a way to encrypt the user password used for the LDAP bind ?

The problem with encrypting the password is that you need to provide a
key/password to decrypt the password.. so where to store this password
now ? The alternative would be to ask the user to insert the 'config'
password when the server starts... but usually servers should have the
ability to start automatically because asking for human interaction could
lead to severe 'availability' issues... so usually (in practice) you
use the permits to solve this problem.

When the server starts, the process is owned by root, so it can read
any file... for example if you have these permits on the configuration:

        -r--------  root root  ocspd.conf

only root can read the file (it should also work by using
'chmod 000 ocspd.conf' if no special security extension is used (e.g.
SELinux)).

    --- Max


_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
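
A check for the permission scheme described in the message above, as an added example that is not part of the original e-mail or of OpenCA: it reports when a file holding the LDAP bind password is not owned by the expected user or grants any access to group or others. The function name `audit_secret_file` and the default path are assumptions.

```python
import os
import stat
import sys


def audit_secret_file(path, expected_uid=0):
    """Return findings for a file that stores a bind password.

    An empty list means the classic Unix permission bits grant access to
    nobody but the expected owner (root by default). Mode 0400 and mode
    0000 both pass, since root can read the file either way.
    """
    # lstat so a symlink planted at this path is reported, not followed.
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return [f"{path} is a symlink; audit its target instead"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group or others")
    if mode & (stat.S_IWUSR | stat.S_IXUSR):
        findings.append(f"mode {mode:04o} is looser than 0400 for the owner")

    # Whoever can write the directory can swap in a different file,
    # unless the sticky bit restricts renames to the file's owner.
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    if parent & (stat.S_IWGRP | stat.S_IWOTH) and not parent & stat.S_ISVTX:
        findings.append("parent directory is writable by group or others")
    return findings


if __name__ == "__main__":
    # The path is an assumption; pass the real location of ocspd.conf.
    target = sys.argv[1] if len(sys.argv) > 1 else "ocspd.conf"
    try:
        problems = audit_secret_file(target)
    except OSError as exc:
        problems = [f"cannot stat {target}: {exc.strerror}"]
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

This only inspects the owner and mode bits; ACLs and security extensions such as SELinux are outside what it checks.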
