Hi, Sorry, I was wrong talking about 'DN-conversion' here:
> Any schema one want to use must match schema settings in ldappublic.xml > which define DN conversion rules. So the right way is to change > ldappublic.xml according to the LDAP schema the customer is used to > and to the rules of DN-conversion you want to implement. and here: > All the conversions are performed in AddMissingNode.pm according to > conversion rules in ldappublic.xml. Actually schema settings in ldappublic.xml define nodes structure. DN is not converted in AddMissingNode.pm - the module just parses DN and creates LDAP nodes using parsed RDNs and schema settings in ldappublic.xml To public the certificate somewhere else (not in the place defined by its DN) the special attribute DirName was used in OpenCA. It seems to me that the right way is to fill that attribute (DirName) with the proper DN while creating the certificate. Then in the LDAP-publishing workflow that attribute must be checked and used as the DN for publishing in the case it is not empty. Otherwise the certificate DN must be used as LDAP DN. This way we store the information on the place where the certificate is expected to be published in the certificate attribute. Best regards, Petr Grigoriev. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ OpenXPKI-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-devel
