Stefan Kania wrote:
I fixed it, thanks to the hint from Howard. Here is my solution: The problem was the wrong names for the olc-attributes. Here are the right settings:
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
Now it's working. As soon as I do a:
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" "userCertificate;binary" "userPrivateKey;binary"
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed certificate with my own certificate?
Use ldapmodify to replace the cACertificate and cAPrivateKey that autoca installed. Read the slapo-autoca(5) manpage more carefully.
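
The replacement described in the reply above, as an added example that is not part of the original thread: a shell helper that builds the ldapmodify input and rejects PEM files before they reach the directory. The suffix dc=example,dc=com, the file paths and the function names are placeholders, and storing the key as unencrypted PKCS#8 DER on the database suffix entry is an assumption to confirm against slapo-autoca(5).

```shell
#!/bin/sh
# Added example: swap autoca's generated CA for your own certificate and key.
# Assumption: both attributes live on the database suffix entry, in DER form.

# Succeeds only if the file is non-empty and starts with 0x30 (ASN.1 SEQUENCE),
# i.e. looks like DER. A PEM file starts with "-----BEGIN" and is rejected.
is_der() {
    [ -s "$1" ] || return 1
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    [ "$first" = "30" ]
}

# Print LDIF that replaces both attributes in a single modify operation, so
# the stored certificate and key are never left mismatched.
# usage: build_ca_ldif SUFFIX_DN /abs/ca-cert.der /abs/ca-key.der
build_ca_ldif() {
    suffix=$1 cert=$2 key=$3
    for f in "$cert" "$key"; do
        case $f in
            /*) ;;   # the ":< file://" form of LDIF needs an absolute path
            *) echo "path must be absolute: $f" >&2; return 2 ;;
        esac
        is_der "$f" || { echo "not DER (PEM?): $f" >&2; return 3; }
    done
    cat <<EOF
dn: $suffix
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file://$cert
-
replace: cAPrivateKey;binary
cAPrivateKey;binary:< file://$key
EOF
}

# Conversion and load (placeholder paths), to be run by hand:
#   openssl x509 -in ca.pem -outform DER -out /root/ca/ca-cert.der
#   openssl pkcs8 -topk8 -nocrypt -in ca-key.pem -outform DER \
#       -out /root/ca/ca-key.der        # keep this file mode 0600
#   build_ca_ldif "dc=example,dc=com" /root/ca/ca-cert.der /root/ca/ca-key.der \
#       | ldapmodify -Q -Y EXTERNAL -H ldapi:///
```

Certificates that autoca already issued were signed by the old CA, so they will not chain to the new one.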