On 20.10.20 at 22:54, Howard Chu wrote:
> Stefan Kania wrote:
>>
>> On 20.10.20 at 22:20, Howard Chu wrote:
>>> Stefan Kania wrote:
>>>> But when I create a user or a server there is no certificate. The
>>>> manpage said:
>>>> ---------
>>>> Certificates for users and servers are generated on demand using a
>>>> Search request
>>>> ---------
>>> The manpage says, exactly:
>>>
>>>        Certificates for users and servers are generated on demand
>>>        using a Search request returning only the
>>>        userCertificate;binary and userPrivateKey;binary attributes.
>>>        Any Search for anything besides exactly these two attributes
>>>        is ignored by the overlay.
>>>
>> That's what I did:
>
> I suggest you run test066 in the test suite and follow its steps.
>
Now it's working. My problem was that I tried to override the objectClass for autoca with:

userClass inetOrgPerson

But this did not work. I removed the line from the config. Now, when searching for a user or a host the first time with:
-------
ldapsearch -xZZ -LLL -D "cn=admin,dc=example,dc=net" -W "cn=user2 ldap" "userCertificate;binary" "userPrivateKey;binary"
-------
the certificate and key will be created. On every later search for the user, the certificate is listed without "userCertificate;binary" "userPrivateKey;binary".
