7:40 a.m.
Hallo,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it'S working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'll getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more then the manpage?
Stefan
7:55 a.m.
Stefan Kania wrote:
Hallo,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it'S working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'll getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more then the manpage?
Read test066 in the test suite. Also read the schema in cn=Schema,cn=config.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8:12 a.m.
Am 24.05.21 um 16:55 schrieb Howard Chu:
Stefan Kania wrote:
> Hallo,
>
> I try to get autoca running using the configuration via slapd.d. With
> slapd.conf it'S working with this configuration:
> -------
> overlay autoca
> caKeybits 4096
> userKeybits 4096
> serverKeybits 4096
> -------
>
> When I try to configure it with the following settings:
> ---------
> dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> olcserverKeybits: 4096
> olccaKeybits: 4096
> olcuserKeybits: 4096
> ---------
> I'll getting:
> -------------
> additional info: olcserverKeybits: attribute type undefined
> -------------
> If I try to configure autoca with the default values, it works.
>
> I use OpenLDAP 2.5.4 on a Debian10
>
> Is there any documentation, more then the manpage?
Read test066 in the test suite. Also read the schema in cn=Schema,cn=config.
Thank you, sometimes it's so easy ;-)
5:02 a.m.
I fixed it, thank's to the hint from Howard. Here is my solution:
The problem were the wrong names for the olc-attributes. Here are the
right settings:
-------------
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
-------------
Now it's working. As soon as I do a:
-------------
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME"
"userCertificate;binary" "userPrivateKey;binary"
-------------
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed
certificate with my own certificate?
Stefan
Am 24.05.21 um 16:40 schrieb Stefan Kania:
Hallo,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it'S working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'll getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more then the manpage?
Stefan
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html
5:31 a.m.
Stefan Kania wrote:
I fixed it, thank's to the hint from Howard. Here is my
solution:
The problem were the wrong names for the olc-attributes. Here are the
right settings:
-------------
# {1}autoca, {2}mdb, config
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: {1}autoca
olcAutoCAuserKeybits: 4096
olcAutoCAserverKeybits: 4096
olcAutoCAKeybits: 4096
-------------
Now it's working. As soon as I do a:
-------------
ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME"
"userCertificate;binary" "userPrivateKey;binary"
-------------
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed
certificate with my own certificate?
Use ldapmodify to replace the cACertificate and cAPrivateKey that autoca installed.
Read the slapo-autoca(5) manpage more carefully.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
736
days inactive
743
days old
openldap-technical@openldap.org
4 comments
2 participants
participants (2)
-
Howard Chu -
Stefan Kania