On Fri, 29 Nov 2002, Michael Bell wrote:
> Charles wrote:
>
> > 1. on the RA server when I tried to import configuration I got the
> > following error message:
> >
> > importing CA-certificate into ldap ...failed in Bind:2
>
> Look into ldap.h and you see the meaning of the errorcode:
>
> LDAP_PROTOCOL_ERROR
>
> Your LDAP-server only accepts LDAP v3. Please enable LDAP v2 in
> slapd.conf or switch to an OpenCA version which supports LDAP v3 (today
> only pre-0.9.1-RC7 supports LDAP v3).
>
> > I ran /usr/local/libexec/slapd to start the ldap server but didn't
> > populate the database. I was hoping the RA server would be able to
> > initialize the ldap database automatically. Was I right about that?
>
> Yes, OpenCA can initialize the server if the configurations of the LDAP
> server and OpenCA match.
>
> > 2. how do I replace the RA server certificate and key that were generated
> > while installing apache with mod_ssl. Do I also need to replace the dummy
> > snake oil CA certificate on the RA server with my CA certificate?
>
> Yes, of course or do you use or trust this CA ;)
>
> Michael

I am still getting the same error. When trying to import certificates I
got "failed in bind 2, can't write certificate to LDAP" message.

As compared with yesterday, I modified ldap.conf to reflect the o=my org
and c=US basedn and also included more schemas in slapd.conf (cosine and
inetorgperson). The situation is a little better now. Yesterday, after I
tried to import the configuration, the slapd daemon would stop
responding. When I ran

    ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

I would get 'can't contact ldap server (81)' message yesterday, but today
it was fine. However I am still not able to write certificates to the LDAP
server.

I am using openca-0.9.1-RC7, so do I still have to allow ldap v2 in the
slapd.conf? How to do that anyway? Also, is there any way that I can run
the RA server without LDAP? I just want to make it work even if I can't
invoke the LDAP server.

The following are the configuration options I chose during installation.
Please have a look and tell me if I have made a mistake there. Thank you
very much in advance.

    ./configure \
      --with-engine=no \
      --enable-ocspd=yes \
      --with-httpd-user=httpd \
      --with-httpd-group=websrc \
      --with-ra-htdocs-fs-prefix=/home/httpd/htdocs/htdocs-ra \
      --with-ra-cgi-fs-prefix=/home/httpd/cgi-bin/cgi-ra \
      --with-ra-htdocs-url-prefix=/htdocs-ra \
      --with-ra-cgi-url-prefix=/cgi-bin/cgi-ra \
      --with-pub-htdocs-fs-prefix=/home/httpd/htdocs/htdocs-public \
      --with-pub-cgi-fs-prefix=/home/httpd/cgi-bin/cgi-public \
      --with-pub-htdocs-url-prefix=/htdocs-public \
      --with-pub-cgi-url-prefix=/cgi-bin/cgi-public \
      --with-web-host=raserver.SecurityRD.dummy.edu \
      --with-ca-organization="dummy University" \
      --with-ca-locality="dummy" \
      --with-ca-country="US" \
      --with-ldap-url=ldap.SecurityRD.dummy.edu \
      --with-ldap-port=389 \
      --with-ldap-root="cn=Manager,o=dummy Uinversity,c=US" \
      --with-ldap-root-pwd="secret" \
      --with-module-prefix=/usr/local/OpenCA/modules \
      --with-openssl-prefix=/usr/local/ssl \
      --prefix=/usr/local \
      --enable-db \
      --disable-dbi \
      --enable-rbac
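
Added example, not part of the original thread and not OpenCA code: where the protocol version sits in an LDAP simple-bind request, and how result code 2 in the bind response decodes to protocolError (the "Bind:2" discussed above). The framing follows RFC 4511 with short-form BER lengths only; all function names and the CONSTRUCTED_REFUSAL bytes are constructed for this illustration.

```python
# Illustrative LDAP bind framing (RFC 4511); helper names are hypothetical.
RESULT_CODES = {0: "success", 2: "protocolError", 49: "invalidCredentials"}

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element; short-form length only (value < 128 bytes)."""
    if len(value) > 127:
        raise ValueError("long-form BER lengths are not handled here")
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the element starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def bind_request(msg_id: int, version: int, dn: str, password: str) -> bytes:
    """LDAPMessage carrying a simple BindRequest with the given version."""
    op = tlv(0x60,                                # [APPLICATION 0] BindRequest
             tlv(0x02, bytes([version]))          # version INTEGER (2 or 3)
             + tlv(0x04, dn.encode())             # name (bind DN)
             + tlv(0x80, password.encode()))      # authentication: simple [0]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def _protocol_op(msg: bytes, expected_tag: int) -> bytes:
    """Unwrap the LDAPMessage, skip messageID, return the protocolOp body."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != expected_tag:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    return op

def requested_version(msg: bytes) -> int:
    """Protocol version a client asked for in its BindRequest."""
    return read_tlv(_protocol_op(msg, 0x60), 0)[1][0]

def bind_result(msg: bytes):
    """(code, name) from a BindResponse; 0x61 = [APPLICATION 1]."""
    tag, code, _ = read_tlv(_protocol_op(msg, 0x61), 0)
    if tag != 0x0A:
        raise ValueError("resultCode must be ENUMERATED")
    n = int.from_bytes(code, "big")
    return n, RESULT_CODES.get(n, "other")

# Constructed sample: a server refusing the requested protocol version.
CONSTRUCTED_REFUSAL = tlv(0x30, tlv(0x02, b"\x01") + tlv(
    0x61, tlv(0x0A, b"\x02") + tlv(0x04, b"") + tlv(0x04, b"version refused")))
```
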
