Re: about BASEDN and RDN



At 05:40 PM 8/16/99 +0800, cellecial@21cn.com wrote:
>I use OpenLDAP 1.2.4 to store certificates. You know, the subject of
>a certificate may be from any country, that is, the dn of certificates
>can be "...,c=CN","...,c=UK" and so on. Does that mean I should add
>all country codes to slapd.conf (like below)?

No.  I would suggest creating user entries somewhere in your DIT
and adding each user's certificate(s) to their entry (regardless
of what the DN in the certificate says).  Hopefully your application
can still find them...

In any case, it's not wise to configure slapd to manage top-level
RDNs (or "") unless you are managing a global directory.

>But is there a root superior to c=CN,c=UK,...?

Yes, "".  (But I do not advise configuring slapd to use a suffix of "").

>Is there any way to solve the problem?

Don't store the certificates based upon the DN stored within them.

>Suppose I have added them all to slapd.conf, can basedn be multiple?

No.

>If it cannot, I should add ' -b "c=..." ' in every operation
>if BASE has been set to "c=CN" in ldap.conf.

(If I read this right), yes.  You must specify a command line
base anytime you don't want to use the ldap.conf BASEDN.

>Can RDN be "ou=software,o=SDTech,l=cd,st=sc"?

No.
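
The DN, RDN and search-base distinctions discussed in this thread, as an added Python example that is not part of the original message and is not OpenLDAP code. Function names and the `o=Example` DNs are hypothetical, and comparing values by case-folding is a simplifying assumption (real matching rules depend on each attribute's syntax).

```python
def split_dn(dn):
    """Split a DN string into its RDNs, leftmost first.

    Honours backslash escapes and double-quoted values. Both ',' and ';'
    are accepted as separators (';' was allowed by the older RFC 1779 form).
    A multi-valued RDN joined with '+' is kept as one RDN.
    """
    rdns, cur, i, quoted = [], [], 0, False
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escaped pair intact
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in ",;" and not quoted:
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur or rdns:
        rdns.append("".join(cur).strip())
    return rdns                          # "" (the root) has zero RDNs


def normalize(rdn):
    """Case-fold one RDN and collapse whitespace (assumed matching rule)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + " ".join(value.split()).lower()


def is_single_rdn(text):
    """True only if the string is exactly one RDN."""
    return len(split_dn(text)) == 1


def is_under(dn, base):
    """True if dn equals base or lies below it in the tree."""
    d = [normalize(r) for r in split_dn(dn)]
    b = [normalize(r) for r in split_dn(base)]
    return len(b) <= len(d) and d[len(d) - len(b):] == b


if __name__ == "__main__":
    subject = "cn=Some User, o=Example, c=UK"       # constructed sample DN
    print(split_dn("ou=software,o=SDTech,l=cd,st=sc"))
    for base in ("c=CN", "c=UK", ""):
        print(repr(base), is_under(subject, base))
```

A subject DN ending in `c=UK` is outside a base of `c=CN`, which is why a search for it needs an explicit `-b`; only the empty DN is superior to both.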