I ran into some thing like this when I also first began to configure CA etc. Not enough documentation for beginners. I had to get Wireshark and trace what network packets are sent across from client to server and see the LDAP credentials searched for and then I acted accordingly. i.e when I see that the search was for uid=abc, o=TokenUser then I setup such in the Directory Server. Only because I had access to both client and server. Wireshark helped me a lot! From: Julius Adewumi @GDC4S.com Ph:480-441-6768 Contract Corp:MTSI ________________________________ From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Zach Casper Sent: Tuesday, December 16, 2008 9:00 AM To: pki-users(a)redhat.com; 'General discussion list for the Fedora Directory server project.' Subject: [Pki-users] LDAP Authentication We have followed all steps to install/run Fedora Dogtag/FDS using default settings. We have also added users/certificates from within the CA/RA subsystems. We are now to the point we need to format and enroll some smart cards, however, the LDAP Authentication dialog appears and no combination of LDAP User ID/Password work. We've tried cn=Directory Manager, Admin, pkiuser...all without luck. I know we must have users already in FDS but this documentation seems not to exist. How do we either add users in FDS so that we can continue to format and enroll smart cards? Are we missing something? -- Zach Casper Envieta LLC

I have a CS system setup on Red Hat Enterprise 4.5 running CS 7.3 (I'm also going to try this on fedora/dogtag but that is for a another day). Using the gemalto smart cards I've succsefully be able to setup the enterprise security client(ESC) to talk to a token processing system(tps) which in turn talks to a Certificate Authority (CA), data recovery module(drm) and Token key system(TKS) to format and enroll cards. Now I want to see if another hardware token can be used and am a little confused on how to go about doing that. Is sections 8.5 and 9.3 of the CS admin manual the best information aviable on this subject? I do have the Encryption Key(master key I belive in the docs) MAC key and KEK key for the token but I'm not sure how to go about generating the nessary key pairs. Anyone been able to do this and/or know of more information online? Thanks Sean Veale Gdc4s

Hi I'm I've been building the dogtag CS system following these instruction here and have hit a snag that I was wondering if you knew about. http://pki.fedoraproject.org/wiki/PKI_Common_Components_via_Subversion I've been able to pull the source from svn and have been succusfully built and installed up to the pki-common But that one is complaining that it needs tomcatjss >= 1.00 is needed by pki-common-1.0.0.33.fc9.noarch.rpm Looking through yum or online I can't seem to find a package for tomcatjss beyond a couple bugs in the bugbase saying it needs to be pushed to redhat 5.3 like this one. https://bugzilla.redhat.com/show_bug.cgi?id=457338 Do you know where / if I can get an rpm for tomcatjss that will work for fc9? Thanks Sean