[Pki-users] Using something other than the default schema for directory based enrollment?

Adewumi, Julius-p99373 Julius.Adewumi at gdc4s.com
Tue Mar 17 22:42:12 UTC 2009


Sean,
        when I was on the CS, I successfully enrolled with Smartcard
using directory based enrollment.  I had to modify my schema at times to
conform to what CS was sending to the directory server (using Wireshark
to see what is sent).
For example, if CS sends out o=Certificate Authority which was not an
object in my DS, I added it to the subtree and it works.  So I did
customize to fit what CS wants else it comes back too often with denial.
(No way to customize CS to fit the DS.)
 
Julius

________________________________

From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com]
On Behalf Of Veale, Sean
Sent: Tuesday, March 17, 2009 1:51 PM
To: pki-users at redhat.com
Subject: [Pki-users] Using something other than the default schema
for directory based enrollment?




Has anyone been able to implement directory based enrollment using their own
custom schema for the LDAP directory?  I.e. either deriving from the
default one (person is the object class I think) or their own entirely.
I would like to do this, but have been running into problems during the
enrollment process. This is using the 8.0 alpha build of the CS but I
imagine Dogtag works the same.

I'm attaching my TPS and CA configs and Tps-debug log in case someone sees a
problem with the configuration.

Thanks 


Sean 


<<ca-cs.cfg>> <<Tps-debug.log>> <<tps-cs.cfg>> 

