Stefan Kania wrote:
> I fixed it, thanks to the hint from Howard. Here is my solution:
> The problem was the wrong names for the olc-attributes. Here are the
> right settings:
> -------------
> # {1}autoca, {2}mdb, config
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcAutoCAConfig
> olcOverlay: {1}autoca
> olcAutoCAuserKeybits: 4096
> olcAutoCAserverKeybits: 4096
> olcAutoCAKeybits: 4096
> -------------
>
> Now it's working. As soon as I do a:
> -------------
> ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" \
>   "userCertificate;binary" "userPrivateKey;binary"
> -------------
>
> The certificates for the user will be created.
>
>
> Now only one thing is missing. How can I replace the self-signed
> certificate with my own certificate?
Use ldapmodify to replace the cACertificate and cAPrivateKey that autoca
installed.
Read the slapo-autoca(5) manpage more carefully.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
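
The replacement described in the reply above, sketched as an added example (not code from the thread or from the OpenLDAP project). The suffix DN and file paths are placeholders, and it assumes the ldapi EXTERNAL identity may write the suffix entry and that cAPrivateKey expects an unencrypted PKCS#8 DER key; check slapo-autoca(5) for both.

```shell
#!/bin/sh
# Added example: swap the CA pair that autoca stored in the database suffix entry.
# All DNs and paths passed in are placeholders supplied by the operator.

# Print the LDIF for ldapmodify. ":<" tells ldapmodify to read the
# attribute value from the given file URL instead of inline base64.
autoca_ca_ldif() {
    suffix_dn=$1 cert_der=$2 key_der=$3
    cat <<EOF
dn: $suffix_dn
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file://$cert_der
-
replace: cAPrivateKey;binary
cAPrivateKey;binary:< file://$key_der
EOF
}

# Usage: replace_autoca_ca <suffix-dn> <ca-cert.pem> <ca-key.pem>
replace_autoca_ca() {
    suffix_dn=$1 ca_pem=$2 key_pem=$3

    # Refuse a key that does not belong to the certificate; a mismatched
    # pair would leave autoca signing with a key no client can verify.
    cert_pub=$(openssl x509 -in "$ca_pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key_pem" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "CA key does not match CA certificate" >&2
        return 1
    fi

    # mktemp -d creates a 0700 directory, so the DER key is not world-readable.
    workdir=$(mktemp -d) || return 1
    openssl x509 -in "$ca_pem" -outform DER -out "$workdir/ca.der" &&
    openssl pkcs8 -topk8 -nocrypt -in "$key_pem" -outform DER \
        -out "$workdir/ca.key.der" &&
    autoca_ca_ldif "$suffix_dn" "$workdir/ca.der" "$workdir/ca.key.der" |
        ldapmodify -Q -Y EXTERNAL -H ldapi:///
    rc=$?
    rm -rf "$workdir"   # remove the temporary copy of the private key
    return $rc
}
```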