[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authentication problem

To: openldap-technical@openldap.org
Subject: Re: authentication problem
From: harry.jede@arcor.de
Date: Mon, 16 May 2011 15:57:07 +0200
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=arcor.de; s=mail-in; t=1305554231; bh=m8In6gXqQFIYUCEGne6po/NgBTNr6Emeg6I0uqB4Xco=; h=From:To:Subject:Date:References:In-Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Message-Id; b=HlM6MbrDxyWRd0N4TGgNz49uAds6iDK/loPuqT595X5SI//KIIA6dm1mYxdbl69aA 0yIPBJx4h6ZOASGpun4IrEmSyiB8Obp+CFIPpOK7+jjOh5OVxmzaSM07EueEPWUEuq DDd5HvovyOeYjn/ZMUgYWncMcGfipjcMGie42V34=
In-reply-to: <BANLkTika5iDUAfaSm5LJavZYh2DfqGybFQ@mail.gmail.com>
References: <BANLkTi=3XKC-fQeq3788iLGGNp7UXYQphw@mail.gmail.com> <4DD0CD8C.6000800@stroeder.com> <BANLkTika5iDUAfaSm5LJavZYh2DfqGybFQ@mail.gmail.com>
User-agent: KMail/1.9.9

Mohammad D wrote:
> Hi all
> I want to start LDAP service for publishing CRLs and Certificates for
> a Certificate Authority.
> I am new to ldap and I have not yet found any good references to
> guide me how to use ldap for these purposes.
> so I started playing around with Verisign's directory to get some
> ideas: according to VeriSign's knowledge base (
> https://knowledge.verisign.com/support/mpki-support/index?page=conten
>t&id=SO2121&actp=search&viewlocale=en_US&searchid=1305455725926) the
> script *
> ldapsearch -h directory.verisign.com -b "cn=<common name>,o=<Org
> Name>" "(o=*)" "certificaterevocationlist"
> *should return the CRL. 
If a pubkey and/or a CRL is stored ;-) 

I am only a poor man :-) and do not have a verisign cert. From my Firefox
browsers cert cache their is only one verisign cert, but w/o crl :-( .
I assume that this cert is no longer stored at verisign.

"cn" and "o" are from the old public key of "KAPLAN INC". A company which is
totally unkown to me. I believe they have changed their CA.

ldapsearch -x -h directory.verisign.com -b "cn=www.selftestsoftware.com,o=KAPLAN 
INC"  "o=KAPLAN INC" "certificaterevocationlist" 
# extended LDIF
#
# LDAPv3
# base <cn=www.selftestsoftware.com,o=KAPLAN INC> with scope subtree
# filter: o=KAPLAN INC
# requesting: certificaterevocationlist 
#

# search result
search: 2
result: 32 No such object

# numResponses: 1


-- 

Harry Jede

References:
- authentication problem
  - From: Mohammad D <modaei@gmail.com>
- Re: authentication problem
  - From: Michael Ströder <michael@stroeder.com>
- Re: authentication problem
  - From: Mohammad D <modaei@gmail.com>

Prev by Date: Re: Auth problem with openldap and nss_ldap
Next by Date: Re: Storing secondary gid's in openldap
Index(es):
- Chronological
- Thread