Sean,
When I was on the CS, I successfully enrolled with Smartcard
using directory-based enrollment. I had to modify my schema at times to
conform to what CS was sending to the directory server (using Wireshark
to see what is sent).
For example, if CS sends out o=Certificate Authority which was not an
object in my DS, I added it to the subtree and it works. So I did
customize to fit what CS wants, else it comes back too often with denial.
(No way to customize CS to fit the DS.)
Julius
________________________________
From: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com]
On Behalf Of Veale, Sean
Sent: Tuesday, March 17, 2009 1:51 PM
To: pki-users(a)redhat.com
Subject: [Pki-users] Using a something other then the default schema
for directory based enrollment?
Has anyone been able to implement directory-based enrollment using their own
custom schema for the LDAP directory? I.e. either deriving from the
default one (person is the object class I think) or their own entirely.
I would like to do this, but have been running into problems during the
enrollment process. This is using the 8.0 alpha build of the CS but I
imagine the dogtag works the same.
I'm attaching my TPS and CA configs and Tps-debug log if someone sees a
problem with the configuration.
Thanks
Sean
<<ca-cs.cfg>> <<Tps-debug.log>> <<tps-cs.cfg>>