[Pki-users] Security Officer Mode enabling - where does the ldap auth come from?
Fabian Bertholm
fabeisageek at googlemail.com
Thu Feb 17 11:25:26 UTC 2011
Got it:
nsslapd-syntaxcheck: off ;)
2011/2/17 Fabian Bertholm <fabeisageek at googlemail.com>:
> Hi,
>
> Im a little bit stuck on enabling the Security Officer Mode, I'm
> following the guide at:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/Using_the_Enterprise_Security_Client-Security_Officer_Mode.html#enabling-secmod
>
> When formating the blank token my TPS likes to have authentication by
> default on soKey format operations. This does not work, the
> tps-debug.log says RA_Processor::RequestExtendedLogin - No Extended
> Login Response Msg Received and aborts. I wonder where the login data
> should come from as the ESC is not prompting for a ldap user/pw in
> this case.
> btw. I did not use the absolut path
> /var/lib/pki-tps/cgi-bin/so/index.cgi as stated in guide but the http
> url as this made more sendse to me.
>
> When disabling the authentication for soKey format within the CS.cfg
> then the formating runs through until the error:
>
> RA:tdb_update - failed to add tokendb entry
> RA_Format_Processor::Process - Failed to update the token database
>
> I sniffed with wireshatk and I can see that the ldap addRequest to the
> tokendb is failing with a syntax error: tokenUserID: value #0 invalid
> per syntax. And indeed it is missing in the addRequest. I think this
> is because the auth is disabled and now there is no UserID.
>
> How to continue?
>
> Best regards,
> fabe
>
More information about the Pki-users
mailing list