[Pki-users] Security Officer Mode enabling - where does the ldap auth come from?
Jack Magne
jmagne at redhat.com
Thu Feb 17 18:33:07 UTC 2011
On 02/17/2011 03:25 AM, Fabian Bertholm wrote:
> Got it:
>
> nsslapd-syntaxcheck: off ;)
>
> 2011/2/17 Fabian Bertholm<fabeisageek at googlemail.com>:
>
>> Hi,
>>
>> Im a little bit stuck on enabling the Security Officer Mode, I'm
>> following the guide at:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/Using_the_Enterprise_Security_Client-Security_Officer_Mode.html#enabling-secmod
>>
>> When formating the blank token my TPS likes to have authentication by
>> default on soKey format operations. This does not work, the
>> tps-debug.log says RA_Processor::RequestExtendedLogin - No Extended
>> Login Response Msg Received and aborts. I wonder where the login data
>> should come from as the ESC is not prompting for a ldap user/pw in
>> this case.
>> btw. I did not use the absolut path
>> /var/lib/pki-tps/cgi-bin/so/index.cgi as stated in guide but the http
>> url as this made more sendse to me.
>>
>> When disabling the authentication for soKey format within the CS.cfg
>> then the formating runs through until the error:
>>
>> RA:tdb_update - failed to add tokendb entry
>> RA_Format_Processor::Process - Failed to update the token database
>>
>> I sniffed with wireshatk and I can see that the ldap addRequest to the
>> tokendb is failing with a syntax error: tokenUserID: value #0 invalid
>> per syntax. And indeed it is missing in the addRequest. I think this
>> is because the auth is disabled and now there is no UserID.
>>
>> How to continue?
>>
>> Best regards,
>> fabe
>>
>>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
My apologies :)
I read the problem portion and missed the solution part!
thanks again,
jack
More information about the Pki-users
mailing list