Mohammad D wrote:
> I want to start LDAP service for publishing CRLs and Certificates for a
> Certificate Authority.
> I am new to ldap and I have not yet found any good references to guide me how
> to use ldap for these purposes.
See RFC 4523 for object class pkiCA etc.
You can find examples in LDAP servers of various german trust centers.
One example:
http://demo.web2ldap.de:1760/web2ldap?ldap://www.trustcenter.de/o%3DTC%20TrustCenter%2Cou%3Dcacerts%2Cdc%3Dtrustcenter%2Cdc%3Dde??one?%28objectClass%3D%2A%29
There is also
ldap.signtrust.de
directory.d-trust.de
and others
In the example command-line you would have to know the cn and o of an existing
entry to form a correct search base.
$ -b "cn=<common name>,o=<Org Name>"
<common name>
<Org Name>
are just placeholders.
> but as I mentioned SASL error was shown.
That's why you have to use -x with ldapsearch to send a simple bind request.
> using -x somehow solved the problem for verisign but doing an empty search
> showed the following error:
> result: 53 server is unwilling to perform
> text: please enter more characters
That's because you are just using the placeholders.
> but using -x on active directory server returned the following error:
> result: 1 operation error
> text: 00000000 LdapErr: DSID-0X090627, comment In order to perform this
> operation a successful bind must be completed on connection., data 0
That's because MS AD does not allow anonymous searches.
Ciao, Michael.