[Openca-Users] =?iso-8859-1?Q?R=E9f=2E_=3A_[Openca-Users]_Ldap_dc_style?=

Thu, 05 Jun 2003 17:41:00 -0700




matteo degasperi <[EMAIL PROTECTED]>
Envoy� par : [EMAIL PROTECTED]

04.06.2003 16:24

       
        Pour :        [EMAIL PROTECTED]
        cc :        
        Objet :        [Openca-Users] Ldap dc style



>hi,
>I'm new to openCA. I use the version 0.9.1-1
>
>
>i want to integrate the certification authority with an existing ldap
>server of users.
>My ldap uses the dc style for the record and openca uses the style ou=
>u= c=
>
> which configuration files must i change?
The files you have to change to use dc-style are listed in section 2.2.3.1 in the OpenCA Guide.

They are:

1) .conf files in <INSTALL_DIR>/ca/OpenCA/etc/servers and <INSTALL_DIR>/ra/OpenCA/etc/servers you have to change the lines basedn and ldaproot to something like:
basedn "dc=your_company, dc=your_country"
ldaproot "cn=admin,dc=your_company,dc=your_country"
the correspondances between the entries in the openca conf files and the slapd.conf of your ldap server are the following: basedn=suffix, ldaproot=rootdn, ldappwd=rootpwd

In these files you have also to change the configuration of the requests because they are prepared for the old style. Basically change the lines  DN_TYPE_IE_BASE "O" "C"   to   DN_TYPE_IE_BASE "DC" "DC".

2) Check the .html files because several of them display the suffix of the DNs
        3) Edit the certsMail.txt file in <Installation_Path>/ra/OpenCA/lib/servers/ra/mails/
4) In the files in <Installation_PATH>/ca/OpenCA/etc/openssl/openssl and <Installation_PATH>/ca/OpenCA/etc/openssl/openssl you have to adapt the policy section to the new situation. (as you do no longer provide a country (c) field you can not have set country to supplied in the pilicy section; change it to optional ... etc)

>
>thanks at all.
>
>Matteo
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
>thread debugger on the planet. Designed with thread debugging features
>you've never dreamed of, try TotalView 6 free at www.etnus.com.
>_______________________________________________
>Openca-Users mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/openca-users

Pierre

_________________________
Pierre Scholtes
Unicible

tel: +41 (0)21 644 6111
fax: +41 (0)21 644 6300
mailto:[EMAIL PROTECTED]
http://www.unicible.ch

Reply via email to