Dogtag CA with OpenLDAP?
I’m trying to implement Dogtag (http://pki.fedoraproject.org/wiki/PKI_Main_Page)
with my existing OpenLDAP/MIT Kerberos V installation (that’s been running for years).
But it’s failing because of:
[27/Mar/2017:15:49:17][http-bio-8443-exec-3]: confirmMappings: Checking other subtrees using database Domain.TLD-CA.
[27/Mar/2017:15:49:17][http-bio-8443-exec-3]: populateDB: netscape.ldap.LDAPException: error result (32); matchedDN = cn=config
[27/Mar/2017:15:49:17][http-bio-8443-exec-3]: Error in populating database: Failed to check database mapping: netscape.ldap.LDAPException: error result (32); matchedDN = cn=config
Dogtag is only (officially) supporting 389ds, but installing (and maintaining!) another
LDAP/Krb5 server(s) on the network just seems … “wrong”! :)
The code looks like:
Basically, it looks for “nsslapd-backend=Domain.TLD-CA” below “cn=mapping tree,cn=config”
(which doesn’t exist in OpenLDAP, of course).
Is there any “389ds compatibility module” or possibly a DN rewrite hack I could use
for this? I’ve never used “389ds” before, so I’m unsure what that object is supposed
to look like, or what “cn=mapping tree” is for exactly.