Hello, all. After years of using the internal database for OpenCA access control, we thought we'd try LDAP. We are testing OpenCA 1.0.2. We must have really botched the configuration because it does not even look like the OpenCA host is sending LDAP traffic to the directory server (Fedora Directory Server).
We thought we would start out very simply. Here is our configuration:

    <user>
        <name>admin</name>
        <algorithm>sha1</algorithm>
        <digest>+ARRvjkjklkkkjlDFpY</digest>
        <role>CA Operator</role>
    </user>
    </passwd>
    <database>ldap</database>
    <ldapdata>
        <host>192.168.223.23</host>
        <port>389</port>
        <base>dc=niag,dc=com,dc=ssiservices,dc=biz</base>
        <binddn>uid=dsearcher,dc=niag,dc=com,dc=ssiservices,dc=biz</binddn>
        <bindpw>opencapassword</bindpw>
        <usetls>no</usetls>
        <searchattr>uid</searchattr>
        <ldapdefaultauthmeth>bind</ldapdefaultauthmeth>
        <ldappwattr>userpassword</ldappwattr>
        <ldappwattrhash>sha1</ldappwattrhash>
    </ldapdata>

What are we missing?

By the way, what rights does the OpenCA LDAP user need to the directory? We are testing with pretty liberal rights but we like to tighten security to as-needed access when we go to production. Is there a good how-to on setting up LDAP access control in OpenCA? The existing instructions are not very clear to us because of our lack of LDAP experience.

Thanks - John