[Openca-Users] Connecting openCA with openLDAP

Fri, 18 Feb 2011 02:43:33 -0800 

Hi There,

i've up and running an openCA PKI-Server 1.1.1 (fedora8 or Debian5) with 
openLDAP 2.4 (SLES11) an i really get rid off, getting them working together in 
a suitable way. I'm sure, the reason is my small LDAP-know-How and i don't want 
to become a LDAP-Guru. I just want to upload some CA and User-Certificates into 
my LDAP Instance, but i'm  getting crasy with bindDN, baseDN and RDN and where 
to configure what exactly. Sometimes i'm sucessfull and i can see a certificate 
in my LDAP-Structure, but sometimes i get an error. Of course i includes the 
ldap-Schema openca.schema on the LDAP-Server-Side. But are there any additional 
LDIF-Imports neccessary? Here you see my error, while i try to upload the 
CA-Certificate from the openCA-Webinterface into the LDAP-Server:

Certificate 9 FAILED (error 65: attribute 'cACertificate;binary' not allowed)

Here's a detailed part from the LDAP-Server side log:

Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: Entry 
(dc=org,dc=openldap,dc=wien), attribute 'cACertificate;binary' not allowed
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: entry failed schema check: 
attribute 'cACertificate;binary' not allowed
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: hdb_modify: modify failed (65)
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: send_ldap_result: conn=1015 op=4 
p=3
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: send_ldap_result: err=65 
matched="" text="attribute 'cACertificate;binary' not allowed"
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: send_ldap_response: msgid=5 
tag=103 err=65
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: conn=1015 op=4 RESULT tag=103 
err=65 text=attribute 'cACertificate;binary' not allowed
Feb 15 19:21:53 ip-10-227-42-19 slapd[1959]: slap_graduate_commit_csn: removing 
0xb7897278 20110215192153.874662Z#000000#000#000000

is there a openLDAP / openCA-Tutorial, which some can recommend? I found 
nothing about this in the web.

Thx 4 help,

andy
germany

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to