From: Olaf D. <dr...@o-...> - 2002-07-31 11:41:07
On Wed, 31 Jul 2002, Massimiliano Pala wrote:

> Date: Wed, 31 Jul 2002 11:19:40 +0200
> From: Massimiliano Pala <ma...@ha...>
> To: OpenCA Users <ope...@li...>
> Subject: Re: [Openca-Users] OpenCA .0.9 - LDAP
>
> Olaf Dreyer wrote:
> > Hi,
> >
> > I created the following hierarchy, all other entries are inserted by the
> > OpenCA software. And I found it extremely helpful to set DEBUG=1 in
> > ./lib/functions/mail-utils.lib. And have a look into the file
> > ./etc/servers/ldap.conf.
> >
> > I hope this helps
>
> Hi,
>
> well if your base dn for the PKI was "ou=DeLaval CA, o=dreyer, c=DE" you
> could simply setup the LDAP directory for that basedn and in the raserver.conf
> modify the LDAP parameters accordingly. Or you could set the root to "o=dreyer,
> c=DE" and adding the CA certificate there ( but this is a choice ). Can I ask
> you why you have set the OU in the "CA" entry ? Is there some arguments or it
> is just a choice based on the better way to find the CA entry ?
>

Well, if I used an existing entry (o=dreyer, c=DE) to add the CA
certificates there, I got an error 65 (OBJECT_CLASS_VIOLATION). To get
around this error (quickly) I created the new OU and edited the ldap.conf
file:

LDAP_CA_DN "ou=DeLaval CA,o=DIS, c=DE"

I want to set up OpenCA to work on an existing LDAP server. Unfortunately the
DNs of the user entries look quite different:

dn: mail=Ola...@o-..., ou=unit1, dc=o-dreyer, dc=de, dc=.
dn: mail=Oth...@o-..., ou=orgunit, dc=o-dreyer, dc=com, dc=.

Is it possible to support such a scheme, not following the X.500 rules, with
OpenCA/OpenSSL?

Olaf Dreyer