Hello,
I try to get autoca running using the configuration via slapd.d. With slapd.conf it's working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'm getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more than the manpage?
Stefan
Stefan Kania wrote:
> Hello,
> I try to get autoca running using the configuration via slapd.d. With slapd.conf it's working with this configuration:
>
> overlay autoca
> caKeybits 4096
> userKeybits 4096
> serverKeybits 4096
>
> When I try to configure it with the following settings:
>
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> olcserverKeybits: 4096
> olccaKeybits: 4096
> olcuserKeybits: 4096
>
> I'm getting:
>
> additional info: olcserverKeybits: attribute type undefined
>
> If I try to configure autoca with the default values, it works.
> I use OpenLDAP 2.5.4 on a Debian10
> Is there any documentation, more than the manpage?
Read test066 in the test suite. Also read the schema in cn=Schema,cn=config.
On 24.05.21 at 16:55, Howard Chu wrote:
> Stefan Kania wrote:
>> Hello,
>> I try to get autoca running using the configuration via slapd.d. With slapd.conf it's working with this configuration:
>>
>> overlay autoca
>> caKeybits 4096
>> userKeybits 4096
>> serverKeybits 4096
>>
>> When I try to configure it with the following settings:
>>
>> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
>> objectClass: olcOverlayConfig
>> olcserverKeybits: 4096
>> olccaKeybits: 4096
>> olcuserKeybits: 4096
>>
>> I'm getting:
>>
>> additional info: olcserverKeybits: attribute type undefined
>>
>> If I try to configure autoca with the default values, it works.
>> I use OpenLDAP 2.5.4 on a Debian10
>> Is there any documentation, more than the manpage?
> Read test066 in the test suite. Also read the schema in cn=Schema,cn=config.
Thank you, sometimes it's so easy ;-)
I fixed it, thanks to the hint from Howard. Here is my solution: The problem was the wrong names for the olc-attributes. Here are the right settings:
-------------
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
-------------
Now it's working. As soon as I do a:
-------------
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" "userCertificate;binary" "userPrivateKey;binary"
-------------
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed certificate with my own certificate?
Stefan
On 24.05.21 at 16:40, Stefan Kania wrote:
> Hello,
> I try to get autoca running using the configuration via slapd.d. With slapd.conf it's working with this configuration:
>
> overlay autoca
> caKeybits 4096
> userKeybits 4096
> serverKeybits 4096
>
> When I try to configure it with the following settings:
>
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> olcserverKeybits: 4096
> olccaKeybits: 4096
> olcuserKeybits: 4096
>
> I'm getting:
>
> additional info: olcserverKeybits: attribute type undefined
>
> If I try to configure autoca with the default values, it works.
> I use OpenLDAP 2.5.4 on a Debian10
> Is there any documentation, more than the manpage?
> Stefan
Stefan Kania wrote:
> I fixed it, thanks to the hint from Howard. Here is my solution: The problem was the wrong names for the olc-attributes. Here are the right settings:
>
> # {1}autoca, {2}mdb, config
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcAutoCAConfig
> olcOverlay: {1}autoca
> olcAutoCAuserKeybits: 4096
> olcAutoCAserverKeybits: 4096
> olcAutoCAKeybits: 4096
>
> Now it's working. As soon as I do a:
>
> ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" "userCertificate;binary" "userPrivateKey;binary"
>
> The certificates for the user will be created.
> Now only one thing is missing. How can I replace the self-signed certificate with my own certificate?
Use ldapmodify to replace the cACertificate and cAPrivateKey that autoca installed. Read the slapo-autoca(5) manpage more carefully.
openldap-technical@openldap.org
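The ldapmodify step from the last reply, sketched as an added example that is not part of the thread or of the OpenLDAP project: helper functions that check an existing CA key against its certificate, convert both to DER, and emit the LDIF that replaces cACertificate and cAPrivateKey on the suffix entry. The function names, file names and suffix DN are hypothetical, and the unencrypted PKCS#8 DER encoding of the key is an assumption to confirm against slapo-autoca(5).

```shell
#!/bin/sh
# Added example, not from the thread. File names and the suffix DN passed in
# are placeholders; the PKCS#8 key encoding is an assumption to check against
# slapo-autoca(5) and the schema of your build.

# True only if certificate and private key carry the same public key.
key_matches_cert() {    # key_matches_cert ca.pem ca.key
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Convert PEM inputs to DER for the ;binary attributes.
to_der() {              # to_der ca.pem ca.key outdir
    ( umask 077         # the DER key file must not be readable by others
      openssl x509 -in "$1" -outform DER -out "$3/ca-cert.der" &&
      openssl pkcs8 -topk8 -nocrypt -in "$2" -outform DER -out "$3/ca-key.der" )
}

# Print ldapmodify input that replaces both attributes in one modify
# operation, so the stored certificate and key never disagree.
autoca_replace_ldif() { # autoca_replace_ldif suffix-dn cert.der key.der
    for p in "$2" "$3"; do
        case "$p" in
            /*) ;;      # file:// URLs in LDIF need an absolute path
            *) echo "need absolute path: $p" >&2; return 1 ;;
        esac
    done
    cat <<EOF
dn: $1
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file://$2
-
replace: cAPrivateKey;binary
cAPrivateKey;binary:< file://$3
EOF
}
```

Pipe the output of autoca_replace_ldif to ldapmodify, bound as an identity that is allowed to write the suffix entry, and delete the DER key file afterwards.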