On Sat, 2008-11-08 at 22:26 -0500, [EMAIL PROTECTED] wrote:
> Hello, all.  After years of using the internal database for OpenCA access 
> control, we thought we'd try LDAP. We are testing OpenCA 1.0.2.  We must have 
> really botched the configuration because it does not even look like the 
> OpenCA host is sending LDAP traffic to the directory server (fedora directory 
> server).
> 
> We thought we would start out very simply.  Here is our configuration:
>                 <user>
>                     <name>admin</name>
>                     <algorithm>sha1</algorithm>
>                     <digest>+ARRvjkjklkkkjlDFpY</digest>
>                     <role>CA Operator</role>
>                 </user>
>             </passwd>
>             <database>ldap</database>
>             <ldapdata>
>                 <host>192.168.223.23</host>
>                 <port>389</port>
>                 <base>dc=niag,dc=com,dc=ssiservices,dc=biz</base>
>                 <binddn>uid=dsearcher,dc=niag,dc=com,dc=ssiservices,dc=biz</binddn>
>                 <bindpw>opencapassword</bindpw>
>                 <usetls>no</usetls>
>                 <searchattr>uid</searchattr>
>                 <ldapdefaultauthmeth>bind</ldapdefaultauthmeth>
>                 <ldappwattr>userpassword</ldappwattr>
>                 <ldappwattrhash>sha1</ldappwattrhash>
>             </ldapdata>
> 
> What are we missing? By the way, what rights does the openca ldap user need 
> to the directory? We are testing with pretty liberal rights but we like to 
> tighten security to as-needed access when we go to production.
> 
> Is there a good how-to on setting up LDAP access control in OpenCA? The 
> existing instructions are not very clear to us because of our lack of LDAP 
> experience.  Thanks - John
<snip>
Ah, we commented out the internal database section and now we are at
least querying the LDAP server. So it looks like we can only use one
access database at a time.

We still have some kinks to work out so, if anyone can point us to a
good how-to on using LDAP for access control, we'd appreciate it.
Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[EMAIL PROTECTED]

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society


_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
