I would suggest you to create an entry in the openca subtree that you use to bind the openca user with. Your baseDN should be the subtree DN.
Let me know if this fixes the problem. Later, Max On 01/07/2010 06:45 PM, Marco Carcano wrote:
Hi thank you very much John, I'll try the procedure you gave to me as soon as I can. I'd like to ask you a few things - they are design things, that is 1 - I read somewhere in openca that OpenSSL is case-sensitive, ... so that DC= is different from dc=. But OpenLDAP is not case-sensitive. So my question is: do I have to rewrite all my object identifiers uppercase to have OpenCA working with OpenLDAP because OpenSSL is case sensitive? So that I have to replace everything uppercase, for example OU=Users,DC=acme,DC=local? 2 - I want to put everything is OpenCA under the subtree cn=openca,ou=Certificates,ou=Services,dc=acme,dc=local and I use the DN cn=openca,ou=Certificates,ou=Services,dc=acme,dc=local also to authenticate against the LDAP server - but I noticed that I got an error that says that bind DN and base DN conflicts. Is it true? Of course they are the same, but do you know why I cannot build a subtree under my bind DN? I use an ACL to allow just the bindDN itself to walk throught the baseDN subtree - and I did the same with other services Thank you for your help Marco Carcano ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
