Sean,
When I was on the CS, I successfully enrolled with Smartcard using directory-based enrollment. I had to modify my schema at times to conform to what CS was sending to the directory server (using Wireshark to see what is sent).
For example, if CS sends out o=Certificate Authority, which was not an object in my DS, I added it to the subtree and it works. So I did customize to fit what CS wants, else it comes back too often with denial. (No way to customize CS to fit the DS.)
 
Julius


From: pki-users-bounces@redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of Veale, Sean
Sent: Tuesday, March 17, 2009 1:51 PM
To: pki-users@redhat.com
Subject: [Pki-users] Using a something other than the default schema for directory based enrollment?


Has anyone been able to implement directory-based enrollment using their own custom schema for the LDAP directory? I.e. either deriving from the default one (person is the object class, I think) or their own entirely. I would like to do this, but have been running into problems during the enrollment process. This is using the 8.0 alpha build of the CS, but I imagine Dogtag works the same.

I'm attaching my TPS and CA configs and Tps-debug log in case someone sees a problem with the configuration.

Thanks


Sean


<<ca-cs.cfg>> <<Tps-debug.log>> <<tps-cs.cfg>>