From: Michael B. <mic...@cm...> - 2003-09-22 15:09:34
Patricia wrote:
> Michael, the CA works OK, but I still have problems with LDAP.
>
> I had already added the objectclass like this:
> objectclass ( 1.2.840.113533.7.67.7 NAME 'rfc822MailUser'
>     SUP top AUXILIARY
>     MAY ( rfcMailBox ) )
>
> Then I tried
> objectclass ( 1.2.840.113533.7.67.7 NAME 'rfc822MailUser'
>     SUP top AUXILIARY
>     MAY ( rfcMailBox $ mail ) )

These attributes are identical.

> and
> objectclass ( 1.2.840.113533.7.67.7 NAME 'rfc822MailUser'
>     SUP top AUXILIARY
>     MAY ( mail ) )
>
> But I always received the same error: error 64: LDAP-add failed: naming
> attribute 'email' is not present in entry

Ok, I will fix it. Which directory server do you use?

> This problem started after I changed DN_WITHOUT_EMAIL to "N". With "Y",
> I have no problem with LDAP, but I need the certificates with email in
> DN. Is there any problem in the script that adds the entries to LDAP?

No, the problem is that the DN includes a PKCS#9 email address but we
only add an RFC822 mailbox to the directory entry (the problem is our schema
definition and usage). Your server is really restrictive but correct.

Max, could you get a private OID space for OpenCA to create our own
attributes and, more importantly, our own object classes
(http://www.iana.org/cgi-bin/enterprise.pl)? I must break the
compatibility with Entrust and so we need our own OID space. You are the
official representative of OpenCA, so could you fill in the form? I can do
it too if you think it's better (so the spam goes to me :) ).

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: mic...@cm...
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre)             Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): mic...@we...
Germany                        http://www.openca.org
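
The check behind error 64 in this thread, sketched as an added example that is not part of the original message and not OpenCA code: before an LDAP add, confirm that every attribute used in the entry's RDN is also present in the entry. The alias table, function names, sample DN and sample entry are constructed assumptions.

```python
# Pre-flight check for the rule the directory server enforced in this thread: every
# attribute used in the entry's RDN must be present in the entry (ALIASES is assumed).
ALIASES = [
    {"email", "emailaddress", "pkcs9email"},  # PKCS#9 e-mail address
    {"mail", "rfc822mailbox"},                # RFC 822 mailbox
]

# Constructed sample: DN built with the e-mail address, entry carrying only 'mail'.
SAMPLE_DN = "emailAddress=alice@example.org,cn=Alice Example,o=Example Org,c=DE"
SAMPLE_ENTRY = {
    "objectClass": ["top", "rfc822MailUser"],
    "cn": ["Alice Example"],
    "mail": ["alice@example.org"],
}

def canonical(attr):
    """Map an attribute name to one representative of its alias group."""
    name = attr.strip().lower()
    for group in ALIASES:
        if name in group:
            return min(group)
    return name

def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped separators inside a part."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    parts.append(cur)
    return parts

def rdn_attributes(dn):
    """(type, value) pairs of the leftmost RDN; handles multi-valued RDNs (a=b+c=d)."""
    rdn = split_unescaped(dn, ",")[0]
    return [tuple(p.strip() for p in ava.split("=", 1)) for ava in split_unescaped(rdn, "+")]

def missing_naming_attributes(dn, entry):
    """RDN attribute types whose value does not appear in the entry's attributes."""
    present = {}
    for attr, values in entry.items():
        present.setdefault(canonical(attr), set()).update(v.lower() for v in values)
    return [t for t, v in rdn_attributes(dn)
            if v.lower() not in present.get(canonical(t), set())]
```

For the constructed sample, `missing_naming_attributes(SAMPLE_DN, SAMPLE_ENTRY)` returns `['emailAddress']`; adding an `email` value to the entry makes it return an empty list.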