I fixed it, thanks to the hint from Howard. Here is my solution:
The problem was the wrong names for the olc-attributes. Here are the
right settings:
-------------
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
-------------
Now it's working. As soon as I do a:
-------------
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" \
    "userCertificate;binary" "userPrivateKey;binary"
-------------
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed
certificate with my own certificate?
Stefan
On 24.05.21 at 16:40, Stefan Kania wrote:
Hello,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it's working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'm getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more than the manpage?
Stefan
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signing every e-mail helps reduce spam and protects your
privacy. You can obtain a free certificate at
https://www.dgn.de/dgncert/index.html
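
The difference between the rejected and the working overlay entry in this thread, as an added example that is not part of the original messages: a small lint to run over an LDIF entry before `ldapadd`. The function names are hypothetical, and the lint knows only the three keybits attributes named in the thread.

```shell
# Added example, not from the thread. Compares an entry against the shape of
# the working entry; knows only the three keybits attributes shown there.
# Reads one LDIF entry on stdin, prints one finding per line; returns 0 if clean.
lint_autoca_ldif() {
    awk '
    BEGIN {   # name from the rejected entry (lowercased) -> name that worked
        fix["olccakeybits"]     = "olcAutoCAKeybits"
        fix["olcuserkeybits"]   = "olcAutoCAuserKeybits"
        fix["olcserverkeybits"] = "olcAutoCAserverKeybits"
    }
    /^#/ || /^ *$/ { next }   # skip comments and blank lines
    {
        i = index($0, ":"); if (i == 0) next
        name = substr($0, 1, i - 1); attr = tolower(name)
        val = substr($0, i + 1); sub(/^ +/, "", val)
        if (attr == "objectclass" && tolower(val) == "olcautocaconfig") cls = 1
        if (attr == "olcoverlay") ovl = 1
        if (attr in fix) { print "rename " name " to " fix[attr]; bad++ }
    }
    END {
        if (!cls) { print "missing objectClass: olcAutoCAConfig"; bad++ }
        if (!ovl) { print "missing olcOverlay attribute"; bad++ }
        exit (bad > 0)
    }'
}

rejected_entry() {   # the entry slapd refused, copied from the thread
    cat <<'EOF'
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
EOF
}

working_entry() {    # the entry that was accepted, copied from the thread
    cat <<'EOF'
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
EOF
}

rejected_entry | lint_autoca_ldif || true
working_entry | lint_autoca_ldif && echo "working entry: clean"
```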