Johnny Gonzalez wrote:
Thanks a lot Alfonso,
I have another question. Is LDAP case sensitive? I'd
like to know if I can use "O=CERTICAMARA,C=CO" as well
as "o=Certicamara,c=CO"
DNs are case insensitive. so there should be no difference between the two.
Cheers, Peter
Thanks, Johnny
--- Alfonso Sparano <[EMAIL PROTECTED]> escribió:
=== message truncated ===1) The slash (\) is for long line:
dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota\
,ST=calle 65 7-15,O=CERTICAMARA
You can see the slash, the carriage return and a space character. After the space there is the rest of your string.
The complete distinguished name (DN) is
serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota,ST=calle 65 7-15,O=CERTICAMARA
2) The order is really important for LDAP. Ldap is a tree database and so you have a root (perhaps O=CERTICAMARA,C=CO) and a sub-tree OU=Internet. Inside this sub-tree there are all the user certificate and so your java application must access to:
serialNumber=9,CN=Maria DeliaGonzalez Lizarazo,C=CO,L=Bogota,ST=calle 65 7-15, OU=Internet , O=CERTICAMARA,C=CO.
That’s all folk,
Regards Alfonso
-----Messaggio originale----- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di Johnny Gonzalez Inviato: venerdì 26 novembre 2004 16.49 A: Openca Users list Oggetto: [Openca-Users] Question about LDAP certificates Update
Hello Everybody.
I'm generating request using my own Java app, it sends
the requests to my RA server and it accepts all the
requests I'm sending. I also can sign requests and
Issue certificates. The big problem is when I try to
update my LDAP with the new Issued certificates, it
shows me this error message:
Certificate 4 FAILED (error -4: Distinguished name
conflicts with basedn(s).)
So I check out my CA's DN and the DN used in my
requests (certificates), and they all have the same
base: O=CERTICAMARA,C=CO, but the only difference I
can see is that the DN from my requests doesn't have
the same order, for example, this is the DN for a
certificate I issued using OpenCA's Interface:
dn: serialNumber=8,CN=Rafael
Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
and this is a DN from a request made using my java
app:
dn: serialNumber=9,OU=Internet,CN=Maria DeliaGonzalez
Lizarazo,C=CO,L=Bogota \ ,ST=calle 65
7-15,O=CERTICAMARA
Is the order of the dn elements important to upload my
certificates to LDAP?
I can also see a backslash (\) after my Locality
element (L), can this be the responsible for the error
message.
I set the debug option to true, so here are some
fragments for the debug output.
What should I do?
Thanks a lot,
johnny
LDAP DEBUG OUTPUT FOR CERTIFICATES UPDATE:
(DEBUG) OpenCA::LDAP->add_object: Started add_object
...
(DEBUG) OpenCA::LDAP->add_object: certificate present
...
(DEBUG) OpenCA::LDAP->add_object: no CA-cert ...
(DEBUG) OpenCA::LDAP->add_object: IS_CA ...0
(DEBUG) OpenCA::LDAP->add_object: role ok ...
(DEBUG) OpenCA::LDAP->add_object: Information of the
Object:
(DEBUG) OpenCA::LDAP->add_object: dn
serialNumber=8,CN=Rafael
Gonzalez,OU=Internet,O=CERTICAMARA,C=CO
(DEBUG) OpenCA::LDAP->add_object: cn Rafael Gonzalez
(DEBUG) OpenCA::LDAP->add_object: serID 8
(DEBUG) OpenCA::LDAP->add_object: email
[EMAIL PROTECTED]
(DEBUG) OpenCA::LDAP->add_object: ou ARRAY(0xa5c2708)
(DEBUG) OpenCA::LDAP->add_object: o CERTICAMARA
(DEBUG) OpenCA::LDAP->add_object: l
______________________________________________ Renovamos el Correo Yahoo!: ¡100 MB GRATIS! Nuevos servicios, más seguridad http://correo.yahoo.es
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
-- _______________________________________________________________________
Peter Gietz (CEO)
DAASI International GmbH phone: +49 7071 2970336
Wilhelmstr. 106 Fax: +49 7071 295114 D-72074 Tübingen email: [EMAIL PROTECTED]
Germany Web: www.daasi.de
Directory Applications for Advanced Security and Information Management _______________________________________________________________________
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
