Benjamin Henne wrote:
I had to add openca.schema to slapd.conf
This is the usual way.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /usr/src/openca-0.9.2.2/contrib/openldap/openca.schema

When I did this I got some conflicts between openca and core schema! (slapd 2.2.23-8 debian)
I had to comment some things in core.schema to get it working.

#objectclass ( 2.5.6.21 NAME 'pkiUser' ...
#objectclass ( 2.5.6.22 NAME 'pkiCA' ...

Or is there a better way to solve this?
Do not comment out things in your core.schema. Comment out the duplicate things in openca.schema. We include all stuff which is perhaps missing in your schema. Modern servers usually know all objectclasses and attributes except for OpenCA's own ones.
Starting OpenLDAP: (db4.2_recover not found), slapd - failed: /usr/src/openca-0.9.2.2/contrib/openldap/openca.schema: line 122: Duplicate objectClass: "2.5.6.21"
pkiUser is present today in all modern configs, but two or three years ago it was not so common. pkiCA is a replacement for an old, too strict objectclass. We only include it in our schema to support old 1.2.x OpenLDAP and Netscape directory servers.
Michael
--
_______________________________________________________________
Michael Bell                    Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]               D-10099 Berlin
_______________________________________________________________
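One way to find every clash before restarting slapd, as an added example that is not part of the original thread or of OpenCA's code: the sketch below scans schema text in include order and reports each objectclass or attributetype OID that an earlier file already defined, so the later copy can be commented out. The schema snippets and the `exampleLocalClass` entry with its OID are constructed for illustration; the function names are hypothetical.

```python
import re

# Start of an active (uncommented) definition at column 0, e.g.
#   objectclass ( 2.5.6.21 NAME 'pkiUser' ...
DEF_RE = re.compile(
    r"^(objectclass|attributetype)\s*\(\s*([\w.:]+)\s+NAME\s+\(?\s*'([^']+)'",
    re.IGNORECASE | re.MULTILINE,
)

def parse_definitions(text):
    """Yield (kind, oid, name, line_number) for each active definition."""
    for m in DEF_RE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        yield m.group(1).lower(), m.group(2), m.group(3), line

def find_duplicates(schemas):
    """schemas: list of (path, text) in slapd.conf include order.
    Returns (kind, oid, name, first_path, dup_path, dup_line) tuples."""
    seen, dups = {}, []
    for path, text in schemas:
        for kind, oid, name, line in parse_definitions(text):
            if (kind, oid) in seen:
                dups.append((kind, oid, name, seen[(kind, oid)], path, line))
            else:
                seen[(kind, oid)] = path
    return dups

# Constructed sample input (not the real file contents).
CORE = """\
objectclass ( 2.5.6.21 NAME 'pkiUser'
    SUP top AUXILIARY MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
    SUP top AUXILIARY MAY cACertificate )
"""
OPENCA = """\
# objectclass ( 2.5.6.21 NAME 'pkiUser' SUP top AUXILIARY )
objectclass ( 2.5.6.22 NAME 'pkiCA'
    SUP top AUXILIARY )
objectclass ( 1.1.2.2.1 NAME 'exampleLocalClass'
    SUP top AUXILIARY )
"""
SAMPLE = [
    ("/etc/ldap/schema/core.schema", CORE),
    ("/usr/src/openca-0.9.2.2/contrib/openldap/openca.schema", OPENCA),
]

if __name__ == "__main__":
    for kind, oid, name, first, dup, line in find_duplicates(SAMPLE):
        print(f"{dup}:{line}: duplicate {kind} {oid} '{name}' (first in {first})")
```

In the sample, pkiUser is already commented out in the openca.schema text, so only pkiCA is reported; to check real files, read them in include order and pass their contents in place of `SAMPLE`.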
